On 12/08/2014 09:51 AM, Larry Martell wrote:
> Right, but anyone can write a script to bypass the CSRF protection. I
> was surprised that it would be so easy to do that. I guess that's not
> what CSRF was designed to protect against.

Right. There's no such thing as a CSRF attack via script. The definition of a CSRF attack is that you trick a user's browser into doing something the user didn't intend to do, taking advantage of the session/authentication stored in their browser cookies.

Carl
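The distinction drawn in this thread, as an added example that is not part of the original messages and is not Django's own code: a simplified double-submit token check, showing that a script echoing back its own token passes the check but carries no victim session, while a forged cross-site POST that does carry the victim's cookies is rejected. The cookie and field names are Django's defaults; the handler, the session store and the three client functions are hypothetical.

```python
import hmac
import secrets

SESSIONS = {"s-alice": "alice"}  # constructed in-memory session store


def handle_post(cookies, form):
    """Model of a state-changing POST behind a double-submit CSRF check."""
    cookie_token = cookies.get("csrftoken", "")
    form_token = form.get("csrfmiddlewaretoken", "")
    # The submitted field must match the cookie the same browser holds.
    if not cookie_token or not hmac.compare_digest(cookie_token, form_token):
        return 403, "CSRF verification failed"
    user = SESSIONS.get(cookies.get("sessionid"))
    if user is None:
        return 401, "not logged in"
    return 200, f"action performed as {user}"


def scripted_client():
    """A script with its own cookie jar: it obtains a token and echoes it.
    The CSRF check passes, but there is no victim session to ride on."""
    token = secrets.token_urlsafe(32)
    return handle_post({"csrftoken": token}, {"csrfmiddlewaretoken": token})


def forged_cross_site_post(victim_cookies):
    """Another origin makes the victim's browser POST. The browser attaches
    the victim's cookies, but that origin cannot read the csrftoken cookie,
    so the field value it supplies does not match."""
    return handle_post(victim_cookies, {"csrfmiddlewaretoken": "guess"})


def legitimate_post(victim_cookies):
    """The site's own form embeds the token matching the user's cookie."""
    form = {"csrfmiddlewaretoken": victim_cookies["csrftoken"]}
    return handle_post(victim_cookies, form)


def demo():
    victim = {"sessionid": "s-alice", "csrftoken": secrets.token_urlsafe(32)}
    return (scripted_client(), forged_cross_site_post(victim),
            legitimate_post(victim))


if __name__ == "__main__":
    for status, message in demo():
        print(status, message)
```

Requests made by a script are limited by authentication and authorization, not by the CSRF token, which is why the 401 in the first result comes from the session lookup rather than the token check.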

