[whatwg] CSRFs and Origin header and <form>s

Ian Hickson ian at hixie.ch
Tue Dec 2 03:27:52 PST 2008

I've added the Origin header to all non-GET browsing context navigation 
and to ping="" processing.


Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the whatwg mailing list