Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
eurleif
on March 30, 2012
|
parent
|
context
|
favorite
| on:
#1 CSRF Is A Vulnerability In All Browsers
You shouldn't be able to get the token from another domain, regardless of how long it lasts. How are you able to?
txt
on March 31, 2012
[–]
Im getting it on the same domain, but the request can be sent from any domain, as long as the user is logged in.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: