[Owasp-csrfprotector] protection for GET requests

Jim Manico jim.manico at owasp.org
Fri May 30 06:12:23 UTC 2014


Also, not all POSTs need CSRF protection: a public comment form, a public
registration form, or login do not need tokens.

Aloha,
Jim

On 5/29/14, 6:55 PM, Minhaz A V wrote:
> I could not think of a good configuration name for this field, where
> the user maintains the URL/regex of those pages for which CSRF validation (GET)
> is supposed to be done. Available at:
> https://github.com/mebjas/CSRF-Protector-PHP/blob/GET-support/libs/config.php#L17 
>
>
> Suggest me one, *verifyGetFor* doesn't look good as a parameter name :O
>
