On Wed, Jun 17, 2009 at 5:16 PM, Mark S. Miller<[email protected]> wrote: > On Wed, Jun 17, 2009 at 5:09 PM, Adam Barth <[email protected]> wrote: >> On Wed, Jun 17, 2009 at 5:02 PM, Mark S. Miller<[email protected]> wrote: >> > Not in this way. At least not according to Roy Fielding (Mr. REST) >> > <http://lists.w3.org/Archives/Public/ietf-http-wg/2009JanMar/0037.html>. >> >> That email also claims that "CSRF is not a security issue for the >> Web," so I guess we need not worry about these issues. :) > > C'mon Adam, I was citing that regarding what "the point of a browser" is.
I know, but you do appreciate the irony in citing that email in a discussion of how to mitigate CSRF. Adam
