The vulnerability known as A5 - Cross-Site Request Forgery (CSRF) has many names, including session riding and one-click attack. It's a blind attack in the sense that the attacker is not directly attacking the application, but rather tricks a user into carrying out the attack for him. In this article we'll look at what's going on, how to fix it, and also at an attack specific to single-page web applications.
I recently presented on web application security at Framsia (a user group for frontend development). It was a great crowd, with lots of questions and good feedback afterwards. The slides from the presentation can be found below.
$.get(), $.post(), $.getJSON() etc.) and it would be a shame if you had to add CSRF tokens to every one of your ajax calls manually, or go back to $.ajax() because the convenience method didn't support the way you wanted to add the token. But jQuery, being the customizable framework it is, of course allows you to add these kinds of things through events.
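As an added example (not code from the original post), here is the logic you would hang on jQuery's global `ajaxSend` event so that `$.get()`, `$.post()`, `$.getJSON()` and plain `$.ajax()` all pick up the token without per-call changes. The header name `X-CSRF-Token`, the token value and the page origin are assumptions; the helpers are kept free of browser globals so they can be exercised outside a page, and the same-origin check is there so the token is never handed to a third-party host.

```javascript
// Added example: attach a CSRF token to every jQuery ajax request via the
// global ajaxSend event. Header name and token value are assumptions.

// Only our own origin should ever receive the token; sending it to another
// host would let that host replay it against us.
function isSameOrigin(url, pageOrigin) {
  if (typeof url !== 'string') {
    return false;
  }
  try {
    // Relative URLs resolve against pageOrigin, so they count as same-origin.
    return new URL(url, pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false; // unparsable URL: be conservative and add nothing
  }
}

// Decide which header (if any) to add for this request.
function csrfHeaderFor(settings, token, pageOrigin) {
  if (!token || !isSameOrigin(settings.url, pageOrigin)) {
    return null;
  }
  return { name: 'X-CSRF-Token', value: token };
}

// Apply the decision to a jqXHR (anything with setRequestHeader works).
// Returns true when a header was added, false otherwise.
function attachCsrfToken(jqXHR, settings, token, pageOrigin) {
  const header = csrfHeaderFor(settings, token, pageOrigin);
  if (header === null) {
    return false;
  }
  jqXHR.setRequestHeader(header.name, header.value);
  return true;
}

// In the browser this is registered once, for example in a page-level script
// after reading the token the server rendered into a <meta> tag:
//
//   var csrfToken = $('meta[name="csrf-token"]').attr('content');
//   $(document).ajaxSend(function (event, jqXHR, settings) {
//     attachCsrfToken(jqXHR, settings, csrfToken, window.location.origin);
//   });
```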
In an IdP/SP (Identity Provider/Service Provider) Single Sign-On scenario, you might also want to have Single Sign-Out, meaning you can log out of all SPs with a single click.