On 10.12.2010 01:46, Tab Atkins Jr. wrote:
... Indeed. You shouldn't be able to trigger POSTs from involuntary actions. They should always require some sort of user input, because there is simply *far* too much naive code out there that is vulnerable to CSRF. ...
Thanks, Tab. It's sad that the discussion even got that far.If the URI length is a problem because of browsers, fix the browsers to extend the limits, instead of adding a completely new feature.
Best regards, Julian
