by etc_passwd
4711 days ago
CSRF tokens are designed to protect users from CSRF attacks from other sites. The example you posted requires the username and password, which renders the token anyways. A cross-domain post to HN from a rogue site will not be able to know the CSRF token since it does not have knowledge of your SID, rendering this attack not viable in practice. More Info: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(...
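The session-bound token check the comment describes, as an added example that is not part of the original comment and is not Hacker News's actual code. The HMAC construction, the function names and the "vote"/"delete" actions are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment server secret; the page does not describe the real scheme.
SERVER_KEY = secrets.token_bytes(32)


def new_session_id() -> str:
    """Random session identifier kept in the user's cookie (the "SID")."""
    return secrets.token_urlsafe(32)


def csrf_token_for(sid: str, action: str) -> str:
    """Derive a token bound to both the session and the form action."""
    msg = f"{sid}|{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def handle_post(cookie_sid, form_token, action) -> bool:
    """Accept a state-changing POST only if the token matches the cookie's session."""
    if not cookie_sid or not form_token:
        return False
    expected = csrf_token_for(cookie_sid, action)
    # Constant-time comparison; encoding to bytes tolerates non-ASCII input.
    return hmac.compare_digest(expected.encode(), form_token.encode())


def demo() -> dict:
    """Constructed scenarios: one same-site form post and four forged variants."""
    sid = new_session_id()
    legit = csrf_token_for(sid, "vote")          # rendered into the site's own form
    other = csrf_token_for(new_session_id(), "vote")  # token minted for another session
    return {
        "same_site_form": handle_post(sid, legit, "vote"),
        # Cross-site post: the browser attaches the cookie, but the foreign
        # page can read neither the SID nor the token, so it sends none...
        "cross_site_no_token": handle_post(sid, None, "vote"),
        # ...or a guess...
        "cross_site_guessed_token": handle_post(sid, secrets.token_hex(32), "vote"),
        # ...or a token obtained under its own, different session.
        "token_from_other_session": handle_post(sid, other, "vote"),
        # A valid token is also rejected when replayed against another action.
        "token_for_other_action": handle_post(sid, legit, "delete"),
    }


if __name__ == "__main__":
    for scenario, accepted in demo().items():
        print(f"{scenario}: {'accepted' if accepted else 'rejected'}")
```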