1 post • joined 30 Mar 2009
GET and POST
Those demonstrations have to submit the cross-site requests as HTTP GET, because they're images and redirects (which happen automatically). But the requests being made are state-changing, so they should be POSTs (requiring user interaction). How would a check in the website's server-side form processing for GET vs POST (or for the HTTP referrer, for that matter) inconvenience the user?
- Infosec geniuses hack a Canon PRINTER and install DOOM
- Boffins say they've got Lithium batteries the wrong way around
- Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
- In a spin: Samsung accuses LG exec of washing machine SABOTAGE
- Game Theory Half a BILLION in the making: Bungie's Destiny reviewed