[WEB SECURITY] CSRF protection: What are the benefits of using the Synchronizer Token Pattern if your application is not vulnerable to XSS and using HTTPS only?

Michal Zalewski lcamtuf at coredump.cx
Sat Apr 23 19:11:35 EDT 2011

[Oh, and if Django is doing that, it doesn't sound too great.]

More information about the websecurity mailing list