On Wed, Jun 17, 2009 at 5:02 PM, Mark S. Miller<[email protected]> wrote: > On Wed, Jun 17, 2009 at 4:46 PM, Ian Hickson <[email protected]> wrote: >> But... we want the page talking on behalf of the user. That's the point >> of a browser. > > Not in this way. At least not according to Roy Fielding (Mr. REST) > <http://lists.w3.org/Archives/Public/ietf-http-wg/2009JanMar/0037.html>.
That email also claims that "CSRF is not a security issue for the Web," so I guess we need not worry about these issues. :) Adam
