CSRF and double posting
#21

(This post was last modified: 06-21-2016, 09:04 AM by spjonez.)

Narf Wrote: Here's something pedantic: JS and DOM aren't single-threaded, and the latter is not even a relevant term. Browser implementations may be single-threaded - that's a different thing.

Every major browser we have today paints the DOM in a single blocking thread. Sending a synchronous AJAX call blocks this thread. You literally cannot click another link on the page while a request is in progress. From a UX perspective this is a very poor design and that's the reason it's being removed from the spec. If a request takes 1-2s you've locked the entire page for that duration. That's not my idea of "how it works best" and they're removing it to stop people from using it this way.

Web workers are the only way to multi-thread JS and they don't have DOM access, which is how they achieve this. Node is also single-threaded, but its event loop is non-blocking unless you use synchronous methods.

Obviously we don't see eye to eye on this subject. CSRF protection is only one security measure and you should implement multiple to protect yourself. I didn't mean to say CSRF is the only protection you need and you should disable settings willy-nilly. It works best in tandem with others, which is why I mentioned the iframe block. Apparently I've done a poor job of explaining myself, so I'll duck out of this thread now.




