A vision for Gemini applications

solderpunk solderpunk at SDF.ORG
Wed Jun 17 11:20:10 BST 2020


On Wed, Jun 17, 2020 at 10:02:21AM +0000, solderpunk wrote:
 
> In general, requiring all non-idempotent requests to use a query and
> recommending clients to strip (or ask for confirmation of) queries found
> in links and redirects, might be enough to solve the worst of the
> problem.

Of course, it only takes *one* popular client not bothering to do this
to make all apps relying on it vulnerable, so really robust ones are
probably going to have to faff about with nonces anyway.

Cheers,
Solderpunk
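One way a Gemini app can do the "faff about with nonces" described above, as an added illustration that is not part of the original post or of any Gemini project code. It is a constructed toy: the app, its note store, the URL layout and the certificate fingerprints are all assumptions, and the client certificate fingerprint is assumed to be handed to the app by the TLS layer. Each state-changing action is only reachable through a single-use, short-lived nonce bound to the client certificate, so a link or redirect that a hostile capsule plants cannot carry a valid one in advance, regardless of whether the client strips or confirms queries.

```python
"""Nonce-protected state-changing actions for a Gemini app (constructed example).

Gemini has no POST: every request is a bare URL, so an attacker-controlled link
or redirect can carry a query string that triggers a state change.  Binding each
non-idempotent action to a single-use nonce tied to the client certificate means
a pre-built URL cannot perform the action, even if the client follows it.
Status codes follow the Gemini spec: 10 INPUT, 20 SUCCESS, 51 NOT FOUND,
59 BAD REQUEST, 60 CLIENT CERTIFICATE REQUIRED.
"""
import secrets
import time
from urllib.parse import urlsplit, unquote

STATUS_INPUT, STATUS_SUCCESS = 10, 20
STATUS_NOT_FOUND, STATUS_BAD_REQUEST, STATUS_CERT_REQUIRED = 51, 59, 60


class NonceStore:
    """Single-use nonces, each bound to (client cert fingerprint, action)."""

    def __init__(self, ttl_seconds=300, now=time.time):
        self.ttl = ttl_seconds
        self.now = now                      # injectable clock, for testing expiry
        self._live = {}                     # nonce -> (cert_fp, action, expires_at)

    def issue(self, cert_fp, action):
        # drop anything already expired so the store does not grow unbounded
        for stale in [n for n, (_, _, exp) in self._live.items() if exp < self.now()]:
            del self._live[stale]
        nonce = secrets.token_urlsafe(16)   # 128 bits from the OS CSPRNG
        self._live[nonce] = (cert_fp, action, self.now() + self.ttl)
        return nonce

    def consume(self, nonce, cert_fp, action):
        """True exactly once for a live nonce presented by its owner; else False."""
        entry = self._live.pop(nonce, None)  # pop first: any use burns the nonce
        if entry is None:
            return False
        fp, act, expires_at = entry
        return (secrets.compare_digest(fp, cert_fp)
                and act == action and self.now() <= expires_at)


class ToyApp:
    """A notes capsule where deleting a note is the non-idempotent action."""

    def __init__(self, nonces=None):
        self.nonces = nonces or NonceStore()
        self.items = {"1": "first note", "2": "second note"}   # constructed data

    def handle(self, url, cert_fp=None):
        """Serve one Gemini request; returns (status, meta, body)."""
        if cert_fp is None:
            return STATUS_CERT_REQUIRED, "Client certificate required", ""
        parts = urlsplit(url)
        segments = [s for s in parts.path.split("/") if s]
        query = unquote(parts.query)

        if segments == ["items"]:
            # idempotent listing; every delete link gets a fresh nonce for this cert
            lines = ["# Notes"]
            for item_id, text in self.items.items():
                nonce = self.nonces.issue(cert_fp, f"delete:{item_id}")
                lines.append(f"=> /items/delete/{item_id}/{nonce} Delete '{text}'")
            return STATUS_SUCCESS, "text/gemini", "\n".join(lines) + "\n"

        if len(segments) == 4 and segments[:2] == ["items", "delete"]:
            item_id, nonce = segments[2], segments[3]
            if not query:
                # the state change itself requires an explicit query: prompt for it
                return STATUS_INPUT, f"Type YES to delete note {item_id}", ""
            valid = self.nonces.consume(nonce, cert_fp, f"delete:{item_id}")
            if query != "YES" or not valid:
                return STATUS_BAD_REQUEST, "Invalid or expired confirmation", ""
            if item_id not in self.items:
                return STATUS_NOT_FOUND, "No such note", ""
            del self.items[item_id]
            return STATUS_SUCCESS, "text/gemini", f"Deleted note {item_id}\n"

        return STATUS_NOT_FOUND, "Not found", ""


def demo():
    """Walk the legitimate flow and the forged/replayed/cross-cert/expired cases."""
    clock = [1000.0]                        # fake clock so expiry is observable
    app = ToyApp(NonceStore(ttl_seconds=300, now=lambda: clock[0]))
    alice, mallory = "SHA256:alice-fp", "SHA256:mallory-fp"   # constructed fingerprints
    base = "gemini://example.org"

    def delete_link(item_id):
        _, _, body = app.handle(base + "/items", alice)
        link = next(l for l in body.splitlines() if f"/items/delete/{item_id}/" in l)
        return base + link.split()[1]

    url1 = delete_link("1")
    results = {
        "no_cert": app.handle(url1 + "?YES")[0],                              # 60
        "prompt": app.handle(url1, alice)[0],                                 # 10
        "forged": app.handle(base + "/items/delete/1/guess?YES", alice)[0],   # 59
        "ok": app.handle(url1 + "?YES", alice)[0],                            # 20
        "replay": app.handle(url1 + "?YES", alice)[0],                        # 59
    }
    results["other_cert"] = app.handle(delete_link("2") + "?YES", mallory)[0]  # 59
    url2 = delete_link("2")
    clock[0] += 301                          # past the 300 s TTL
    results["expired"] = app.handle(url2 + "?YES", alice)[0]                  # 59
    results["remaining"] = sorted(app.items)                                  # ["2"]
    return results
```

The nonce lives in the path rather than the query so that a client which strips or confirms queries still reaches the confirmation prompt, while the query remains the explicit signal that a change was requested. Popping the nonce before any other check means a wrong confirmation, a replay, or presentation by a different certificate all burn it, and the injected clock shows the TTL bound working.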
