[Owasp-csrfprotector] protection for GET requests
jim.manico at owasp.org
Sun May 25 22:25:57 UTC 2014
What if we keep a list of specific URLs for which the developer wants to check
for CSRF validation in GET requests? This would create no false positives or
false negatives, as GET requests to only certain URLs can be vulnerable. If
the developer can identify this, we can map every host URL in a request with
the list the developer has maintained and provide validation for those only.
But this will complicate the logic to a certain extent, but we can implement
Great idea, I like it.
minhaz.cistoner.org || cistoner.org
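
The per-URL GET check proposed in this thread, sketched as an added example (it is not part of the original messages and not CSRFProtector's own code). The pattern list, function names and the rule that non-GET requests are always validated are assumptions made for illustration; the path is normalized before matching so that equivalent spellings of a listed URL cannot skip validation.

```python
import hmac
import posixpath
import re
from fnmatch import fnmatchcase
from urllib.parse import unquote, urlsplit

# Hypothetical developer-maintained list of GET URLs that change state.
PROTECTED_GET_PATTERNS = ["/account/delete", "/admin/*"]


def normalize_path(url):
    """Reduce a request URL to a canonical path for matching against the list."""
    # Split first, decode second, so an encoded '?' cannot hide part of the path.
    path = unquote(urlsplit(url).path)
    path = re.sub(r"/+", "/", path) or "/"
    # Resolves '.' and '..' segments and drops a trailing slash.
    return posixpath.normpath(path)


def requires_validation(method, url):
    """True when the request must carry a valid CSRF token."""
    if method.upper() != "GET":
        return True  # assumption: every non-GET request is validated
    path = normalize_path(url)
    return any(fnmatchcase(path, pat) for pat in PROTECTED_GET_PATTERNS)


def allow_request(method, url, session_token, request_token):
    """Apply the check: unlisted GETs pass, listed ones need a matching token."""
    if not requires_validation(method, url):
        return True
    if not session_token or not request_token:
        return False
    # Constant-time comparison of the token stored in the session
    # with the token sent in the request.
    return hmac.compare_digest(session_token.encode(), request_token.encode())


if __name__ == "__main__":
    # Constructed sample requests: (method, url, session token, request token)
    samples = [
        ("GET", "/search?q=csrf", "tok123", None),
        ("GET", "/account/delete?id=5", "tok123", None),
        ("GET", "/admin/../account/%64elete/", "tok123", "tok123"),
    ]
    for method, url, sess, sent in samples:
        print(method, url, "->", allow_request(method, url, sess, sent))
```

The normalization here has to agree with how the application's own router resolves paths; if the two differ, a listed URL can be reached under a spelling the list does not match.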