Jason McBrayer jmcbray at carcosa.net
Tue Jun 16 16:12:22 BST 2020
- - - - - - - - - - - - - - - - - - -
Francesco Gazzetta <fgaz at fgaz.me> writes:
> CSRF protection via non-native nonces is ugly, can we do better than
> the web?
My swimming-against-the-current proposal: all Gemini requests must be idempotent. The easy way to make a request idempotent is to make it have no side-effects.
Yes, this effectively limits Gemini to a document-delivery protocol, and strictly constrains what apps could be built on top of it. That may not be a bad thing.
--
+-----------------------------------------------------------+
| Jason F. McBrayer jmcbray at carcosa.net |
| If someone conquers a thousand times a thousand others in |
| battle, and someone else conquers himself, the latter one |
| is the greatest of all conquerors. --- The Dhammapada |