Comment 37 for bug 560246

Kirils Solovjovs (linux-kirils) wrote :

I think they would show that Launchpad is already currently vulnerable to XSRF and nothing would change in that respect. So, is there a specific standard or ready-made test cases that need to be presented to go forward with this change?

If not, and just plain speculation is enough - take my word for it - XSRF is already possible and should NOT be "solved" by checking ref header.