

Common CSRF vulnerability in OAuth2 implementations - michiel3
https://www.online24.nl/blog/common-csrf-vulnerability-in-oauth2-implementations/

======
asto
It takes 3-4 extra lines of code to implement CSRF protection for OAuth2 login
in Python. The same kind of idiots who set themselves up for stupid SQL
injection attacks omit CSRF protection. How is this interesting?

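The "extra lines" the comment refers to are the OAuth2 `state` parameter: the client binds an unguessable value to the user's session before redirecting, then checks it on the callback. Below is an added illustration (not code from the post or the linked article) of that check in Python; the provider URL, client id and redirect URI are placeholders, and `session` stands in for any server-side session store.

```python
import secrets
import hmac
from urllib.parse import urlencode, parse_qs, urlparse

# Placeholder endpoint and identifiers (assumed for this example only).
AUTHORIZE_URL = "https://provider.example/oauth2/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/oauth2/callback"


def begin_login(session):
    """Build the authorization URL and bind a fresh, unguessable state to the session."""
    state = secrets.token_urlsafe(32)          # CSPRNG, URL-safe, no encoding needed
    session["oauth_state"] = state             # server-side, never sent anywhere but the IdP
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def handle_callback(session, callback_url):
    """Return the authorization code only if the callback carries the session's state.

    Returns None (reject) when the session has no pending state, the callback
    omits state or code, or the values differ. The stored state is consumed
    on first use, so a replayed callback is rejected as well.
    """
    expected = session.pop("oauth_state", None)
    query = parse_qs(urlparse(callback_url).query)
    received = query.get("state", [None])[0]
    code = query.get("code", [None])[0]
    if expected is None or received is None or code is None:
        return None
    if not hmac.compare_digest(expected, received):  # constant-time comparison
        return None
    return code
```

A callback arriving without a matching, still-pending state is the signature of the login-CSRF described in the article, so rejecting it (and logging it) is the defensive response.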
~~~
ajross
It's interesting precisely because that mistake is "common" (though I'll admit
some frustration that the actual vulnerabilities aren't disclosed, so we don't
know how common). It says so right in the headline.

Maybe you already knew this. Maybe you are too smart to make such a mistake
(though in my experience, people quick to dismiss "simple" security practices
are the _most_ likely to forget them and make this kind of mistake). Some
people aren't. And others, like me (also way-too-smart-to-ever-do
something-like-this of course) don't actually know much about OAuth and read the link
interested in learning more about its security landscape.

