@@ -19,7 +19,7 @@ the one that required them to log in), they will get the exceedingly unpleasant Request Forgery error. Imagine spending twenty minutes crafting a devastating critique of this week's Battlestar Galactica episode, finding you need to log in before posting -- but then getting a Request Forgery when you re-attempt the -post. Frak! Thus, it's disabled by defauly. +post. Frak! Thus, it's disabled by default. On the other hand, this does moderately reduce your defense-in-depth against a "Cross-Site Request Forgery":http://en.wikipedia.org/wiki/CSRF attack. To notes/Tradeoffs.txt 2c74378420fcc0a47e2b23cd9f96ffa7caf34a8d Matt Duncan mrduncan@gmail.com http://github.com/technoweenie/restful-authentication/commit/58c8bc1d544cf90e25c4beb3267ff35a1a7fcf25 58c8bc1d544cf90e25c4beb3267ff35a1a7fcf25 2008-06-30T13:45:00-07:00 2008-06-30T13:45:00-07:00 Fixed typo in tradeoffs readme 86716fd0597b8be37ab4de7fd14c6d4f796eed37 Matt Duncan mrduncan@gmail.com