Tuesday, 2 April 2013

To Read: A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications

This looks like a promising way to deal with CSRF:

A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications (PDF)