CodeIgniter Forums
CSRF: Flash + 307 redirect = Game Over


CSRF: Flash + 307 redirect = Game Over - El Forum - 02-14-2011

Unknown
Does anyone know if this security issue affects CodeIgniter's CSRF protection?

http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html

A fix for Rails' protection has already been released:

http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails