Closed coldwaterq closed 10 years ago
Many places check method get, and if it is not get it assumes it is post. CSRF only is applied on POST requests so all assumed post requests need to be checked to make sure they are post requests.
Many places check method get, and if it is not get it assumes it is post. CSRF only is applied on POST requests so all assumed post requests need to be checked to make sure they are post requests.