										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
								USING:  help.markup  help.syntax  io.streams.string 
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
								furnace.utilities ;
 
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							 
							
							
								IN:  furnace.referrer 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								! Help entry for <check-form-submissions>. It takes a responder and
								! yields a wrapped responder; per the description, a form submission
								! that does not originate from a page on the same server gets a 403.
								! NOTE(review): the description does not say how a submission with no
								! Referer header is treated, or which request methods count as form
								! submissions -- confirm against the implementation and document it.
								HELP:  <check-form-submissions>
								{ $values
								     { "responder"  "a responder"  }
								     { "responder'"  "a responder"  }
								}
								{ $description "Wraps the responder in a filter responder which ensures that form submissions originate from a page on the same server. Any submissions which do not are sent back with a 403 error."  } ;
 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
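								! Main help article for the furnace.referrer vocabulary.
								! Checking that a form submission originates from a page on the same
								! server is a defence against cross-site request forgery (CSRF). It does
								! nothing against cross-site scripting (XSS), which is an output-escaping
								! problem, so the article names CSRF as the attack class being thwarted.
								! NOTE(review): this article does not state how a missing or stripped
								! Referer header is handled -- confirm against the implementation.
								ARTICLE: "furnace.referrer" "Form submission referrer checking"
								"The " { $vocab-link "furnace.referrer" } " implements a simple security measure which can be used to thwart cross-site request forgery attacks."
								{ $subsections <check-form-submissions> }
								"Explicit referrer checking:"
								{ $subsections
								    referrer
								    same-host?
								} ;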
 
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								! Make the "furnace.referrer" article the main help page of this vocabulary.
								ABOUT: "furnace.referrer"