by LukeB_UK
4239 days ago
Wicket doesn't actually say it prevents CSRF, it says: "Sometimes URLs are a double-edged sword for our site because they can expose too many details about the internal structure of our web application and malicious users could exploit them to perform a cross-site request forgery." To me, all this means is that it hides the URL parameters so that the users can't find as much about the workings of your app. To simply assume that this is a means for protecting your app entirely from CSRF would be stupid.