Re: CSRF failures for users that block all cookies. Is my planned solution stupid?
On 11/08/11 01:13, Kevin wrote:
> These ~5% of your userbase are most likely like myself, where I
> block all cookies and add specific sites to an exception
> list.
...
> Another idea is to fetch the form via AJAX and render it
> using JavaScript onto the page.
Just a note: if these ~5% are taking the pains to confirm/deny
cookies on a per-site or per-cookie basis, they are also likely
to be flying with NoScript or something similar so an AJAX/JS
solution would likely fall over too. Just speaking as a NoScript
user with FF set to prompt for every cookie/site.
-tim