Cross-Site Request Forgery


Cross-Site Request Forgery countermeasures can be greatly simplified using request metadata provided by modern browsers.

The only false positives (unnecessary blocking) of this algorithm are requests to non-trustworthy (plain HTTP) origins that go through a reverse proxy that changes the Host header.

This work is made possible by Geomys, my Go open source maintenance organization, which is funded by Smallstep, Ava Labs, Teleport, Tailscale, and Sentry. Through our retainer contracts, they ensure the sustainability and reliability of our open source maintenance work and get a direct line to my expertise and that of the other Geomys maintainers.
