

Preventing CSRF Attacks with AJAX and HTTP Headers - wglb
http://nealpoole.com/blog/2010/11/preventing-csrf-attacks-with-ajax-and-http-headers/

======
nbpoole
I said this in the post, but I want to make it clear here: the Origin header
is not a panacea for CSRF. There are plenty of other elements that can render
it useless as a form of protection, which I spell out in the post itself.
However, it's definitely a cool use of the header (and one that I hadn't seen
discussed before). :)
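
One way to implement the Origin check the comment refers to, with the gaps that keep it from being a panacea made explicit (added example, not code from the linked post; the allowed origin https://app.example and the allowMissing option are assumptions):

```javascript
// Added example: server-side CSRF check based on the Origin header, with
// Referer as a fallback. Header names are assumed lowercased (Node style).
// https://app.example is a constructed application origin.
const ALLOWED_ORIGINS = new Set(['https://app.example']);

// Decide whether a state-changing request may proceed. Returns a reason
// string so the decision can be logged for detection purposes.
function checkCsrfOrigin(headers, options = {}) {
  const allowMissing = options.allowMissing === true; // assumed option
  const origin = headers['origin'];
  const referer = headers['referer'];

  if (origin !== undefined) {
    // Browsers send the literal string "null" for privacy-sensitive
    // contexts (e.g. sandboxed frames); it must never be trusted.
    if (origin === 'null') return { allow: false, reason: 'null origin' };
    return ALLOWED_ORIGINS.has(origin)
      ? { allow: true, reason: 'origin matched' }
      : { allow: false, reason: 'origin mismatch' };
  }

  // No Origin header: older browsers and some request types omit it.
  // Fall back to Referer, comparing only its origin, never a prefix of
  // the URL string (a prefix match would accept app.example.evil.example).
  if (referer !== undefined) {
    let refOrigin;
    try {
      refOrigin = new URL(referer).origin;
    } catch (e) {
      return { allow: false, reason: 'unparsable referer' };
    }
    return ALLOWED_ORIGINS.has(refOrigin)
      ? { allow: true, reason: 'referer origin matched' }
      : { allow: false, reason: 'referer origin mismatch' };
  }

  // Neither header is present (privacy extensions, proxies, old clients).
  // Headers alone cannot decide here; failing closed is the safe default,
  // and an anti-CSRF token should cover whatever this check cannot.
  return allowMissing
    ? { allow: true, reason: 'no origin information, allowed by policy' }
    : { allow: false, reason: 'no origin information' };
}

module.exports = { checkCsrfOrigin, ALLOWED_ORIGINS };
```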

------
nbpoole
Ugh. I'm going to be regretting my snarky comment about the Referer header
very soon :P

