CSRF in Gemini
Felix Queißner
felix at masterq32.de
Mon Jun 15 16:05:33 BST 2020
Hey!
> I just wrote down a few thoughts about cross-site request forgery in Gemini:
Good read! I thought about that as well…
>> CSRF protection via non-native nonces is ugly, can we do better than
>> the web?
I think one solution would be to force clients to remove queries from
all URLs. It's not a really elegant solution and makes CGI stuff harder
to implement, but will prevent a lot of URL-fuckery. I'm also always
scared when clicking links in interactive things, because double
postings are really easy to achieve with the query appended to URLs.
Hitting refresh in your browser to see new posts? You create a new post
in the guestbook!
While writing this, I got the following idea (which seems reasonable to me):
Specify that a response to INPUT MUST be passed with a query-parameter
"?input=…" where "…" is the data from the user. The data is fully
urlencoded with all forbidden characters (space, ?, =, …) replaced with
their percent-encoding.
Also specify that clients SHOULD remove the "input"-parameter between
redirects and in documents using the gemini-scheme.
This allows us to prevent passing accidental or malicious data via
redirects, but doesn't help against a spam-bot that targets a site
directly. It also makes client implementation a bit harder.
Regards
- xq
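The following is an added example, not part of the mailing-list post above and not code from any Gemini project: a client-side sketch of the "?input=" proposal. It is hypothetical, since the real Gemini specification passes the user's answer as the raw query string rather than as a named parameter. The function names, the parameter name `input`, the sample URLs and the sample gemtext document are all my own constructions. It shows the three rules the proposal states: build the INPUT reply as a single fully percent-encoded `input` parameter, strip `input` from redirect targets, and strip it from gemini-scheme links in a document (relative links are resolved first, which I assume is the intended behaviour). Assumption: any query the INPUT prompt URL already carried is dropped when the reply is built, so a pre-filled `?input=` cannot survive into it.

```python
"""Hypothetical client-side handling of the '?input=' proposal.
Not the Gemini spec and not the post author's code; all names are assumed."""
import re
from urllib.parse import (quote, urljoin, urlsplit, urlunsplit,
                          uses_netloc, uses_relative)

# urljoin only resolves relative references for schemes it knows, so
# register gemini:// the way many Gemini clients do.
for _registry in (uses_relative, uses_netloc):
    if "gemini" not in _registry:
        _registry.append("gemini")

INPUT_PARAM = "input"   # parameter name taken from the proposal


def input_response_url(request_url: str, user_data: str) -> str:
    """URL the client requests after a status-10 INPUT prompt at request_url.

    The user's data becomes the single 'input' parameter, fully
    percent-encoded: safe="" makes quote() escape space, '?', '=', '&', '/'
    and every other reserved character.  Assumption: any query the prompt
    URL already carried is discarded, so a pre-filled '?input=' is replaced.
    """
    parts = urlsplit(request_url)
    query = INPUT_PARAM + "=" + quote(user_data, safe="")
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


def strip_input_param(url: str) -> str:
    """Remove any 'input' parameter from a gemini:// URL (the SHOULD rule).

    Other parameters and the fragment are kept; non-gemini URLs pass
    through unchanged.
    """
    parts = urlsplit(url)
    if parts.scheme != "gemini" or not parts.query:
        return url
    kept = [kv for kv in parts.query.split("&")
            if kv.split("=", 1)[0] != INPUT_PARAM]
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       "&".join(kept), parts.fragment))


def redirect_target(current_url: str, meta: str) -> str:
    """Where to go after a 3x redirect whose META line is `meta`.

    The target is resolved against the current URL, then the 'input'
    parameter is stripped so a redirect cannot smuggle a reply into a
    CGI endpoint.
    """
    return strip_input_param(urljoin(current_url, meta.strip()))


# A gemtext link line: "=>" then optional whitespace, the URL, then the
# optional label (kept verbatim, including its leading whitespace).
_LINK_LINE = re.compile(r"^=>[ \t]*(\S+)(.*)$")


def rewrite_document_links(gemtext: str, base_url: str) -> str:
    """Rewrite '=>' link lines so gemini:// targets lose their 'input'.

    Relative targets are resolved against base_url first; links to other
    schemes are left alone, since the proposal only covers gemini://.
    """
    out = []
    for line in gemtext.splitlines():
        m = _LINK_LINE.match(line)
        if m:
            target = strip_input_param(urljoin(base_url, m.group(1)))
            line = "=> " + target + m.group(2)
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed sample data, not taken from any real capsule.
    print(input_response_url("gemini://example.org/guestbook",
                             "hi there? a=b&c"))
    print(redirect_target("gemini://example.org/guestbook",
                          "/guestbook?input=hello&sort=new"))
    print(rewrite_document_links(
        "# Board\n=> post?input=spam Say hi\n=> https://web.example/?input=x web",
        "gemini://example.org/board/"))
```

Note what this does and does not buy: a link or redirect can no longer pre-fill the reply to an INPUT prompt, and hitting refresh after a prompt re-requests the same `?input=` URL, so the double-posting problem the post mentions is only solved if the server treats repeated identical submissions as idempotent. As the post itself says, a bot that requests the `?input=` URL directly is unaffected.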
More information about the Gemini mailing list