Files @ ae947de541d5

Location: kallithea/docs/readme.rst

Mads Kiilerich
auth: check CSRF protection token when authenticating

Use pylons secure_form to get CSRF protection on all authenticated POSTs. This
fixes CVE-2015-0276.

GETs should not have any side effects and do thus not need CSRF protection.

Reported by Paul van Empelen.
.. _readme:

.. include:: ./../README.rst