Greetings all,

I've put together a Proposal to Prevent CSRF Attacks on CouchDB with Tokens, summarizing my thoughts and conversations with Paul Davis and Adam Kocoloski.

Basically, it's not going to be pretty, but it's better than remaining open to CSRF attacks. And it would be configurable.

Check it out, and I look forward to your comments: https://gist.github.com/817490

Cheers,

--
Sam Bisbee
www.sbisbee.com
