id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
16010	Support Origin header checking in the CSRF middleware	davidben	Tim Graham	The Origin header has been implemented now in WebKit-based browsers (see http://www.browserscope.org/), and Mozilla also has a ticket for it (https://bugzilla.mozilla.org/show_bug.cgi?id=446344). This patch implements the check when the browser supports it without relying on it for CSRF checking. It should provide better protection against cross-subdomain CSRF attacks when it can be used.	New feature	closed	CSRF	dev	Normal	fixed		davidben cmawebsite@… Adam Johnson	Ready for checkin	1	0	0	0	0	0
