[RCU] Search Via HTTP GET
sp at strategicbookings.com
Tue May 12 16:55:15 CEST 2015
On May 12, 2015, at 9:47PM, Andrew Davidson <andrew at amdavidson.com> wrote:
>On 2015-05-12 09:37, Reindl Harald wrote:
>> read the wiki article
>> CSRF is not about "verify authentication state", it is about a link
>> from the attacker that leads to triggering an action in a web-application
>> *because you are authenticated* and hence there is a CSRF-token
>I wasn't sufficiently clear, I don't intend to scrape the data and
>it into another application.
>I plan to have the application redirect to RC itself, in the browser.
>The other application will never have access to the results of that
>and it will not redirect back.
>Again, no different than you clicking on this link:
>Your mail client will have no access to your Amazon account, but the
>search request will still be executed.