[WEB SECURITY] CSRF protection: What are the benefits of using the Synchronizer Token Pattern if your application is not vulnerable to XSS and using HTTPS only?
lcamtuf at coredump.cx
Sat Apr 23 19:11:35 EDT 2011
[Oh, and if Django is doing that, it doesn't sound too great.]