I need to understand better Rails mechanism to understand what broke there. We do not use http headers to protect against CSRF, we use a one time uuid hidden in the forms.
- [web2py] [+-off topic] Rails vulnerability issue (are we... rochacbruno
- [web2py] Re: Rails vulnerability issue (are we prot... Massimo Di Pierro
