Preventing CSRF Attacks with AJAX and HTTP Headers

About two weeks ago, I discovered a CSRF vulnerability on a well-known website (I won’t mention it by name). The vulnerability itself was fairly mundane: one of their scripts lacked tokens or any other form of CSRF protection. I sent in an email to their security team to let them know about it and went on my way.

 Alexander

Good article about ZF and CSRF http://plutov.by/post/zf_csrf