by
bluefinity
4507 days ago
You can do the same thing with POST by submitting a form with JS. The correct way to protect against this sort of thing is to use a CSRF token.
1 comments
oneeyedpigeon
4507 days ago
Submitting a form with JS is a whole other level of complexity than just having a link out there in the wild that performs write operations. And using a CSRF defeats that stated intent.