by lol768
2610 days ago
>I don't think you would have made that mistake with user-websites being able to log out the user if you had designed with security as an important objective.

Really? In my experience not many people care about logout CSRF, it's the lowest of low risk vulns that infosec consultants write in a report when they don't have any real vulnerabilities. I'm not sure its presence really says much about the site overall. Effort is much better spent elsewhere - strict Content-Security-Policy, for example. Or, if there are 'real' CSRF vulns that actually do damage