_csrf_token (Re: Firefox out of date)

Matt McCutchen matt at mattmccutchen.net
Wed Sep 1 15:48:39 UTC 2010


On Wed, 2010-09-01 at 10:14 -0400, Paul W. Frields wrote:
> https://admin.fedoraproject.org/updates/firefox-3.6.7-1.fc14,xulrunner-1.9.2.7-2.fc14?_csrf_token=d9a1b71eaac4e787200ef64fb8f8e819a5793074

Yay, now I can perform a CSRF attack on you if you still have that
browser session open.  Symfony shouldn't be putting the token in the URL
where it will get accidentally bookmarked or shared.  I may file a bug.

-- 
Matt
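As an added illustration of the point above (example code, not from this thread, from Fedora's infrastructure, or from Symfony): a toy server-side check in Python contrasting a token accepted from the query string with one taken only from the POST body. The session store, session id, host and paths are constructed assumptions.

```python
"""Constructed demo: a CSRF token carried in the query string is part of the
link itself, so a bookmarked or shared link carries the secret along with it.
Example code, not Fedora's or Symfony's own."""
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Hypothetical server-side session store: session id -> per-session CSRF token.
SESSIONS = {"sess-victim": secrets.token_hex(20)}

def token_for(session_id):
    return SESSIONS[session_id]

def link_with_token(session_id, path):
    """Builds a link in the shape of the quoted one (token in the query string)."""
    return f"https://example.invalid{path}?_csrf_token={token_for(session_id)}"

def weak_check(session_id, url, form):
    """Vulnerable pattern: token accepted from the query string as a fallback."""
    qs = parse_qs(urlsplit(url).query)
    supplied = form.get("_csrf_token") or (qs.get("_csrf_token") or [None])[0]
    return supplied == token_for(session_id)

def strict_check(session_id, url, form):
    """Hardened pattern: token taken only from the POST body and compared in
    constant time; whatever sits in the URL is ignored."""
    supplied = form.get("_csrf_token")
    if not isinstance(supplied, str):
        return False
    return hmac.compare_digest(supplied, token_for(session_id))

def shared_link_accepted(check):
    """The situation in the mail: the victim shares a link that embeds their
    token.  A request built from that link alone (no form field, because the
    third party never saw the victim's page) arrives with the victim's session
    cookie, which the browser attaches automatically."""
    shared = link_with_token("sess-victim", "/updates/some-update")
    return check("sess-victim", shared, form={})

def legitimate_form_accepted(check):
    """The victim's own form submission carries the token in the body."""
    form = {"_csrf_token": token_for("sess-victim")}
    return check("sess-victim", "https://example.invalid/updates/some-update", form)

if __name__ == "__main__":
    print("shared link passes weak check:  ", shared_link_accepted(weak_check))    # True
    print("shared link passes strict check:", shared_link_accepted(strict_check))  # False
```

The strict variant also needs the token to be unguessable and bound to the session, which the constructed store does by generating one random token per session.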


