1 Mar 2011, 9:14 a.m.
Benjamin Johnson wrote:
> The default is not to allow automatic requests (such as redirects) unless they're from the same domain. Frankly I think this is a stupid default, because even though it's a little more secure, it also breaks most real world sites.

I agree. The default even breaks Google. No doubt the security concerns are real but we need a solution that is not so bad for usability. Does anyone know if other browsers take similar precautions, and what their algorithm is?

Regards,

Jeremy Henty