On 16-11-2010 at 19:43, Newman, John W wrote: > Is the token universally good for any http based application or am I > missing something? Any reason you would NOT want this feature in your app? > Obviously it could be flagged disabled, possibly even by default.
In general, I don't think it would take much, except that it adds at least
one error you'll need to handle ("form already submitted"). This needs to be
thought out well.
Then, another tricky part is whether the token is per application, page
(form), or per form/record combination. But I guess that's easily enough made
pluggable.
Oscar
--
,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( No trees were killed in the creation of this message. However,
=/ () many electrons were terribly inconvenienced.
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
