HackerTrans
トップ新着トレンドコメント過去質問紹介求人

jbri

no profile record

コメント

jbri
·14 年前·議論
This doesn't really apply when you are trying to verify whether the client actually performed some action.

In a CSRF scenario, the client itself can presumably be "trusted" - A client behaving maliciously can only hurt itself, not any one else. The important thing is to not trust anything that may have been provided by a third party.