Hacker News new | past | comments | ask | show | jobs | submit login

Hello XSRF! Cookie only authentication? Seriously?



This is only accessed directly via library, so CSRF isn't a factor. Also, everything is happening over SSL.


SSL wouldn't save you, but if you never get the magic cookie into a browser then you're safe from XSRF.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: