On Sat, Oct 11, 2014 at 7:58 PM, Juan Christian <[email protected]> wrote:
> Sorry for triple post, but yes, webbrowser worked 100%. Exactly what I
> needed!

Huh. Wow. That actually worked? :P

---

Frankly speaking though, this sounds like a horrible XSRF-style attack in waiting, if I understand what has just happened. (http://en.wikipedia.org/wiki/Cross-site_request_forgery)

Usually, requests to do mutation operations are protected so that, in order to make the request, you have to have some knowledge in the request that's specific to the user, and not public knowledge. The URL you've described is missing this basic information, an "XSRF token" as it's commonly known (though I would have assumed it would be called an "anti-XSRF" token, but oh well.)

I'm not sure how your web browser is handling the 'steam://' URL class, but I would very much hope that, in the interface between the browser and your Steam client, it's doing something to mitigate what looks like an XSRF exploit.
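
Added example (not part of the original message, and not Steam's or any browser's code): a sketch in Python of the kind of check the reply describes, where a mutation request is accepted only if it carries a token derived from the user's own session. The handler, the parameter name xsrf_token and the session ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed per-process secret; a real service would load a stable key
# from protected configuration instead.
SERVER_KEY = secrets.token_bytes(32)


def issue_token(session_id: str) -> str:
    """Derive an anti-XSRF token bound to one user's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def is_valid_token(session_id: str, token) -> bool:
    """Constant-time check that the token was issued for this session."""
    if not isinstance(token, str) or not token:
        return False
    expected = issue_token(session_id)
    # Compare as bytes so non-ASCII input is rejected instead of raising.
    return hmac.compare_digest(expected.encode(), token.encode())


def handle_request(method: str, session_id: str, params: dict) -> int:
    """Return an HTTP-style status for a request (hypothetical handler).

    The session id travels with every request automatically (for example in
    a cookie), so by itself it says nothing about who built the request.
    State-changing methods therefore also require the per-user token.
    """
    if method in ("GET", "HEAD"):
        return 200  # read-only: no token required
    if not is_valid_token(session_id, params.get("xsrf_token")):
        return 403  # mutation without the user-specific secret is refused
    return 200


if __name__ == "__main__":
    alice, bob = "session-alice", "session-bob"  # constructed session ids
    form_token = issue_token(alice)  # embedded in a page only Alice can read
    print(handle_request("POST", alice, {"item": "42"}))
    print(handle_request("POST", alice, {"item": "42", "xsrf_token": form_token}))
    print(handle_request("POST", alice, {"item": "42", "xsrf_token": issue_token(bob)}))
```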
