hubbub icon indicating copy to clipboard operation
hubbub copied to clipboard
verified publisher icon almost

Stop CSRF comments

Open almost opened this issue 11 years ago • 0 comments

It shouldn't be possible for javascript running on a random domain to add comments. The endpoint should probably check the referer. Might be an issue if the target site is HTTPS.

almost avatar Nov 13 '14 18:11 almost