-
Type: New Feature
-
Status: Resolved
-
Priority: Major
-
Resolution: Applied
-
Affects Version/s: Browser Binding Proposal
-
Fix Version/s: V1.1
-
Component/s: Browser Binding
-
Labels:None
-
Proposal:
We discussed this topic in the meeting on March 7. By supporting a form post endpoint, the browser binding introduces potential vulnerability to cross-site request forgery attacks (http://en.wikipedia.org/wiki/Csrf). We should provide for some common defenses in the browser binding API.