d3ad social login

[d3ad]

tags labelled 'csrf' e

please login to post
@barray on Sat Aug 07 01:00:48 UTC 2021 said: &e
Yeah... #deadsocial is 100% vulnerable to #csrf https://simonwillison.net/2021/Aug/3/sam.. I have a better solution for this problem though, where every requested page whilst logged in also sends a #random #token per #form that needs to be sent back with the #user #session #cookie . The reason for not using #http #headers is that not *every* browser supports them.