I think they would show that Lauchpad is already currently vulnerable to XSRF and nothing would change in that respect. So, is there a specific standart or ready made testcases that need to be presented to go forward with this change?
If not, and just plain speculation is enough - take my word for it - XSRF is already possible and should NOT be "solved" by checking ref header.
I think they would show that Lauchpad is already currently vulnerable to XSRF and nothing would change in that respect. So, is there a specific standart or ready made testcases that need to be presented to go forward with this change?
If not, and just plain speculation is enough - take my word for it - XSRF is already possible and should NOT be "solved" by checking ref header.