[RCU] Search Via HTTP GET

Steve Perkins sp at strategicbookings.com
Tue May 12 16:55:15 CEST 2015

ano kajan

Sent from Type Mail

On 9:47PM, May 12, 2015, at 9:47PM, Andrew Davidson <andrew at amdavidson.com> wrote:
>On 2015-05-12 09:37, Reindl Harald wrote:
>> read the wiki article
>> CSRF is not about "verify authentication state", it is about a link
>> from the attacker that leads to triggering an action in a web-application
>> *because you are authenticated* and hence there is a CSRF-token
>I wasn't sufficiently clear, I don't intend to scrape the data and
>it into another application.
>I plan to have the application redirect to RC itself, in the browser. 
>The other application will never have access to the results of that
>and it will not redirect back.
>Again, no different than you clicking on this link: 
>Your mail client will have no access to your Amazon account, but the 
>search request will still be executed.
>Roundcube Users mailing list
>users at lists.roundcube.net
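
The mechanism discussed in the quoted exchange, as an added example that is not part of the original thread and not Roundcube's own code: a GET link built by another application arrives with the user's session cookie but without the session-bound request token, so the server refuses it. The host `webmail.example`, the parameter names `action`, `q` and `token`, and the HMAC-derived token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

SERVER_KEY = secrets.token_bytes(32)  # constructed: per-deployment secret
SESSIONS = {}                         # constructed store: session id -> user

def login(user):
    sid = secrets.token_hex(16)
    SESSIONS[sid] = user
    return sid

def request_token(sid):
    # Bound to the session, so only pages served inside that session carry it.
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()

def handle_get(url, cookie_sid):
    """Return (status, body) for a GET that arrives with the session cookie."""
    user = SESSIONS.get(cookie_sid)
    if user is None:
        return 401, "login required"
    params = parse_qs(urlsplit(url).query)
    supplied = params.get("token", [""])[0]
    expected = request_token(cookie_sid)
    # Constant-time comparison on bytes; a non-ASCII token is simply rejected.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "request token missing or invalid"
    return 200, "search for %r as %s" % (params.get("q", [""])[0], user)

def demo():
    sid = login("alice")
    base = "https://webmail.example/?"
    query = {"action": "search", "q": "invoice"}
    # Link built by another application: it cannot know alice's token, but
    # her browser still attaches the session cookie when she follows it.
    external = base + urlencode(query)
    # Link rendered by the webmail itself inside alice's session.
    internal = base + urlencode(dict(query, token=request_token(sid)))
    # A token issued to a different session does not transfer.
    foreign = base + urlencode(dict(query, token=request_token(login("bob"))))
    return [handle_get(u, sid)[0] for u in (external, internal, foreign)]

if __name__ == "__main__":
    print(demo())
```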