Steven D'Aprano <st...@pearwood.info> writes: >> The issue ... is cross-site request forgery. > Er, you may have missed that I'm talking about a single user setup. Are you > suggesting that I can't trust myself not to forge a request that goes to a > hostile site?
I think the idea is you visit some website with malicious script that accesses your localhost resources from your browser. So it's not a matter of trusting yourself. Rather, it's one of trusting every website you visit, including the ad servers they transclude, etc. -- https://mail.python.org/mailman/listinfo/python-list
