> > Security risk. > For is_xhr requests you can disable CSRF checks, as there is no known way of > sending a cross-site forged request with this header set. But it's trivial to > spoof one more field. >
Is there a way to fix the issue? I can't believe it's _intended_ that one can't upload files via XMLHTTPRequest. -- Vladimir -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
