From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Thu, 16 Jan 2014 12:14:52 +0100 Subject: authentication support: work has begun! In-Reply-To: <14648906.FqII7cU9cN@al> References: <14648906.FqII7cU9cN@al> Message-ID: On Wed, Jan 15, 2014 at 10:28 AM, Peter Wu wrote: > While the referrer part may not be that easily spoofable Note that as of b826537 we no longer rely on the referer and instead use a hidden html form with a secured value. This also doubles as CSRF protection.