1- POSTs cannot be forwarded
2- some browsers (webkit only I believe) require a client to interact with a domain before they can POST to it-- this means iframes cannot POST.
When it comes to XSRF, they are equally (in)secure.
1- POSTs cannot be forwarded
2- some browsers (webkit only I believe) require a client to interact with a domain before they can POST to it-- this means iframes cannot POST.
When it comes to XSRF, they are equally (in)secure.