Files
@ 1346754f1852
Branch filter:
Location: kallithea/.hgignore - annotation
1346754f1852
341 B
text/plain
forms: don't use secure forms with authentication token for GET requests
The token is secret and should never be used in forms posted with GET which are
URL encoded. aef21d16a262 was too aggresive in using secure forms everywhere
and did thus also incorrectly use them for forms posted with GET.
Some token leakage was reported by Gjoko Krstic <gjoko@zeroscience.mk> of Zero
Science Lab.
The token is secret and should never be used in forms posted with GET which are
URL encoded. aef21d16a262 was too aggresive in using secure forms everywhere
and did thus also incorrectly use them for forms posted with GET.
Some token leakage was reported by Gjoko Krstic <gjoko@zeroscience.mk> of Zero
Science Lab.
a555d8345105 a555d8345105 a555d8345105 3dd89d30cd28 b5c57e2176dc a28bd9cb6549 a28bd9cb6549 7d6c4bd58abd 9885bbacf99c 9885bbacf99c 564e40829f80 564e40829f80 95f1ed68cac1 a555d8345105 9496c047ea4d a555d8345105 a555d8345105 058f63b6c2ff 19267f233d39 b619d9eef67a 058f63b6c2ff 058f63b6c2ff 596eb21f61d5 27c8836e6356 277684f23146 92cacbcb5272 24c0d584ba86 03bbd33bc084 324ac367a4da bd39c1f70e35 bfa66e8887d7 | syntax: glob
*.pyc
*.swp
*.sqlite
*.tox
*.egg-info
*.egg
*.mo
.eggs/
tarballcache/
syntax: regexp
^rcextensions
^build
^dist/
^docs/build/
^docs/_build/
^data$
^kallithea/tests/data$
^sql_dumps/
^\.settings$
^\.project$
^\.pydevproject$
^\.coverage$
^kallithea\.db$
^test\.db$
^Kallithea\.egg-info$
^my\.ini$
^fabfile.py
^\.idea$
^\.cache$
|