On 2015-05-12 09:37, Reindl Harald wrote:
> read the wiki article
> CSRF is not about "verify authentication state"; it is about a link from the attacker that leads to triggering an action in a web application *because you are authenticated*, and hence there is a CSRF token
I wasn't sufficiently clear, I don't intend to scrape the data and embed it into another application.
I plan to have the application redirect to RC itself, in the browser. The other application will never have access to the results of that page and it will not redirect back.
Again, no different than you clicking on this link: http://www.amazon.com/s/?tag=duc0c-20&url=search-alias%3Daps&field-k...
Your mail client will have no access to your Amazon account, but the search request will still be executed.
On 05/12/2015 03:46 PM, Andrew Davidson wrote:
> I wasn't sufficiently clear, I don't intend to scrape the data and embed it into another application.
> I plan to have the application redirect to RC itself, in the browser. The other application will never have access to the results of that page and it will not redirect back.
It is not possible at the moment. Search requests use AJAX technique, so it's not possible to do a redirect to search.
ano kajan
_______________________________________________
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users