[Owasp-csrfprotector] protection for GET requests

Jim Manico jim.manico at owasp.org
Sun May 25 22:25:57 UTC 2014

What if we keep a list of specific URLs for which the developer wants to check
for CSRF validation in GET requests? This would create no false positives or
false negatives, as GET requests to only certain URLs can be vulnerable. If the
developer can identify this, we can map every host URL in the request with the
list the developer has maintained and provide validation for those only.
But this will complicate the logic to a certain extent, but we can implement

Great idea, I like it.
- Jim

minhaz.cistoner.org || cistoner.org
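
The per-URL GET check proposed in this thread, sketched as an added example (not code from the post or from the CSRFProtector project). The list entries, the `csrf_token` parameter name and all function names are assumptions; the path is canonicalised first so that an equivalent spelling of a listed URL cannot skip validation.

```python
import hmac
import posixpath
from fnmatch import fnmatchcase
from urllib.parse import parse_qs, unquote

# Constructed sample: developer-maintained list of GET endpoints that change state.
# Entries are lowercase glob patterns on the request path.
PROTECTED_GET = ["/account/delete", "/logout", "/admin/*"]
TOKEN_PARAM = "csrf_token"  # assumed query parameter name


def canonical_path(target):
    """Reduce a request target to one spelling before matching the list."""
    path = unquote(target.partition("?")[0]) or "/"
    # normpath collapses "//", "/./" and "/../"; lstrip handles the leading "//" it keeps.
    path = "/" + posixpath.normpath(path).lstrip("/")
    # Lowercasing fails closed: a case variant is validated rather than skipped.
    return path.lower()


def needs_validation(target, protected=PROTECTED_GET):
    """True if the GET target matches an entry on the developer's list."""
    path = canonical_path(target)
    return any(fnmatchcase(path, pattern) for pattern in protected)


def allow_get(target, session_token, protected=PROTECTED_GET):
    """True if a GET for `target` may proceed under the per-URL policy."""
    if not needs_validation(target, protected):
        return True  # not on the list: no token required
    supplied = parse_qs(target.partition("?")[2]).get(TOKEN_PARAM, [])
    if not session_token or len(supplied) != 1:
        return False  # missing, empty or duplicated token
    # Constant-time comparison of the supplied token with the session's token.
    return hmac.compare_digest(supplied[0].encode(), session_token.encode())
```

A token carried in the query string also appears in server logs, browser history and Referer headers, which is worth weighing when deciding which GET URLs go on the list.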
