Actually, I attempted to forge POST requests on Django with disabled CSRF protection – and failed. Maybe I wasn't creative enough, but modern browsers do indeed have a good protection against this attack vector. I therefore welcome this proposal, unless someone can show how to bypass this protection. – Jacob
-- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/2b349cdb-7502-4d6d-b299-cf62e1edc265n%40googlegroups.com.