[Owasp-csrfprotector] protection for GET requests
jim.manico at owasp.org
Fri May 30 06:12:23 UTC 2014
Also not all POST need CSRF protection: a public comment form, a public
registration form, or login do not need tokens.
On 5/29/14, 6:55 PM, Minhaz A V wrote:
> I could not think of a good configuration name for this field, where
> user maintain url/regex of those pages for which CSRF validation (GET)
> is supposed to be done. Available at:
> suggest me one,*verifyGetFor *doesn't look good as a parameter name :O
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-csrfprotector