Simon Willison’s Weblog

Items tagged browsers, csrf, royfielding, security in 2009

CSRF is not a security issue for the Web. A well-designed Web service should be capable of receiving requests directed by any host, by design, with appropriate authentication where needed. If browsers create a security issue because they allow scripts to automatically direct requests with stored security credentials onto third-party sites, without any user intervention/configuration, then the obvious fix is within the browser.

Roy Fielding # 23rd January 2009, 8:14 am