Files @ 9b74296e6af6

Location: kallithea/requirements.txt - annotation

Søren Løvborg
auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691)

Routes allows GET requests to override the HTTP method, which breaks
the Kallithea CSRF protection (which only applies to POST requests).

This commit blocks such GET requests, preventing CSRF attacks.
# requirements.txt file for use as "pip install -r requirements.txt" as a
# readthedocs compatible alternative to "pip install -e ." which is a working
# alternative to "setup.py develop" which doesn't work with Mercurial 3.7
.