Cross-Site Request Forgeries
View Single Post
09-10-2007, 08:08 PM
Join Date: Sep 2007
Originally Posted by
You could, but it wouldn't really offer you much more protection against CSRF. Malicious users can also forge a POST request just as easily as a GET, I just thought the GET method made the example easier to grasp.
You cant forge POST requests from a remote server, the only way to put post data in is the form.
View Public Profile
Send a private message to Village Idiot
Find More Posts by Village Idiot