On Mon, Sep 02, 2013 at 08:38:51AM -0400, Simo Sorce wrote:
> > Could we change the CSRF protection method from the Referrer check to
> > some user session specific token?
>
> Where do you store it on the client side?

Storing it in some DOM element (hidden div) and retrieving it into any POST operation you do against the server would be my course of investigation.

-- 
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
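
The session-specific token approach discussed in this message, sketched as an added example that is not part of the thread and is not FreeIPA code: the server binds a random token to the session, serves it in a hidden element, and rejects any POST that does not echo it back. The `X-CSRF-Token` header name, the `csrf-token` element id and the in-memory `SESSIONS` store are assumptions made for illustration.

```python
import hmac
import secrets
from html.parser import HTMLParser

SESSIONS = {}  # assumed stand-in for a server-side session store: sid -> token

def start_session():
    """Create a session and bind a fresh random token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid

def render_page(sid):
    """Embed the session's token in a hidden element of the served page."""
    return ('<html><body><div id="csrf-token" hidden data-token="%s"></div>'
            '</body></html>' % SESSIONS[sid])

def handle_post(sid, headers):
    """Accept a state-changing request only if it carries the session's token."""
    expected = SESSIONS.get(sid)
    supplied = headers.get("X-CSRF-Token") or ""
    if expected is None or not supplied:
        return 403
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    return 200

class TokenReader(HTMLParser):
    """Stands in for the page's own script reading the hidden element."""
    token = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if attrs.get("id") == "csrf-token":
            self.token = attrs.get("data-token")

def client_post(sid, page):
    """Same-origin client: read the token from the page, send it with the POST."""
    reader = TokenReader()
    reader.feed(page)
    return handle_post(sid, {"X-CSRF-Token": reader.token})

def cross_site_post(sid):
    """Cross-site request: the session cookie is attached by the browser, but a
    foreign page cannot read the token, so the header is absent."""
    return handle_post(sid, {})
```

Unlike a Referer check, the decision here depends on a value only a same-origin page can read, so it still works when the Referer header is stripped or absent.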
