[whatwg] CSRFs and Origin header and <form>s

Ian Hickson ian at hixie.ch
Tue Dec 2 03:27:52 PST 2008 

I've added the Origin header to all non-GET browsing context navigation 
and to ping="" processing.

http://html5.org/tools/web-apps-tracker?from=2524&to=2525

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the whatwg mailing list