Y
Hacker News
new
|
ask
|
show
|
jobs
by
AmericanChopper
2480 days ago
That sounds more like an integrity check than a CSRF control. Unless you have poor CORs settings, wouldn’t SOP prevent CSRF on PATCH endpoints anyway?
1 comments
edoceo
2480 days ago
It's that too. My point (still) being that passing state keys is old, common and still in use.
link