Simon Willison’s Weblog

2 items tagged “royfielding”

CSRF is not a security issue for the Web. A well-designed Web service should be capable of receiving requests directed by any host, by design, with appropriate authentication where needed. If browsers create a security issue because they allow scripts to automatically direct requests with stored security credentials onto third-party sites, without any user intervention/configuration, then the obvious fix is within the browser.

Roy Fielding # 23rd January 2009, 8:14 am

Explaining REST to Damien Katz. I didn’t know that it was Mark Baker back in 2002 who first pointed out that SOAP was flawed because it ignored the architecture of the Web as defined by Roy Fielding’s Ph.D. thesis. # 17th August 2008, 11:19 pm