This is only accessed directly via library, so CSRF isn't a factor. Also, everyt... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		timdorr on Feb 14, 2013 \| parent \| context \| favorite \| on: Unofficial documentation of the Tesla Model S REST... This is only accessed directly via library, so CSRF isn't a factor. Also, everything is happening over SSL.

mikeash on Feb 14, 2013 [–]

SSL wouldn't save you, but if you never get the magic cookie into a browser then you're safe from XSRF.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact