GMail recently fixed a CSRF vulnerability but not before someone lost their domain name to an attacker. A very brief summary of how to avoid the same mistake in your web apps.
2 comments
Avoiding cross site request forgery in your web apps | Heykuki News