MoinQ:

Please write about web/Zalewski本/第4章 here.

Hypertext Markup Language

Note at the end:

A Note on Cross-Site Request Forgery (p. 84)

On all types of cross-domain navigation,
the browser will transparently include any ambient credentials;
consequently, to the server,
a request legitimately originating from its own client-side code
will appear roughly the same as a request originating from a rogue third-party site,
and it may be granted the same privileges.

Applications that fail to account for this possibility
when processing any sensitive, state-changing requests
are said to be vulnerable to "cross-site request forgery" (XSRF or CSRF).
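
The point of the note, as an added example (not from the book or this wiki page): two requests carrying the same session cookie are indistinguishable to a cookie-only check, and become distinguishable once the server also requires a session-bound token. The names `SESSIONS`, `issue_token`, `csrf_token` and the request dictionaries are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret (constructed)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # not state-changing
SESSIONS = {"sid-alice": "alice"}          # constructed session store


def issue_token(session_id: str) -> str:
    """Token bound to the session; embedded only in forms the application serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def cookie_only_check(request: dict) -> bool:
    """Vulnerable: authorizes on the ambient credential alone."""
    return request["cookies"].get("session") in SESSIONS


def csrf_aware_check(request: dict) -> bool:
    """Also requires a value that a third-party page cannot read or guess."""
    sid = request["cookies"].get("session")
    if sid not in SESSIONS:
        return False
    if request["method"] in SAFE_METHODS:
        return True
    supplied = request["form"].get("csrf_token", "")
    expected = issue_token(sid)
    return hmac.compare_digest(supplied.encode(), expected.encode())


# Constructed requests. Both carry the same cookie, because the browser
# attaches it regardless of which site triggered the navigation.
legit = {"method": "POST", "cookies": {"session": "sid-alice"},
         "form": {"email": "a@example.com",
                  "csrf_token": issue_token("sid-alice")}}
cross_site = {"method": "POST", "cookies": {"session": "sid-alice"},
              "form": {"email": "x@example.net"}}

if __name__ == "__main__":
    for name, req in (("own page", legit), ("third-party page", cross_site)):
        print(f"{name}: cookie-only={cookie_only_check(req)} "
              f"csrf-aware={csrf_aware_check(req)}")
```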