b3yond
/
ticketfrei
1
0
Fork 0
Code Issues 28 Pull Requests Releases Wiki Activity

Building in CSRF prevention #82

New Issue
Closed
opened 2019-06-10 09:49:43 +00:00 by b3yond · 0 comments
b3yond commented 2019-06-10 09:49:43 +00:00
Owner

Author: @b3yond Posted at: 27.01.2019 15:37

To prevent CSRF attacks, there is now a CSRF token at post requests which is checked against a CSRF cookie.

Even if an attacker generates a malicious form now, it will be checked against the CSRF token in the cookie, which they can't read - therefore only post requests from forms generated by the ticketfrei server will be accepted by it.

Author: @b3yond Posted at: 27.01.2019 15:37 To prevent CSRF attacks, there is now a CSRF token at post requests which is checked against a CSRF cookie. Even if an attacker generates a malicious form now, it will be checked against the CSRF token in the cookie, which they can't read - therefore only post requests from forms generated by the ticketfrei server will be accepted by it.
b3yond added the
security
 label 2019-06-10 09:49:43 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
refactoring
stable2
master
stable3
feature/ping
coc
stable1
2.1.4
2.1.3
2.1.2
2.1.1
2.1.0
2.0.1
2.0.0
1.1
2.0.0beta
1.0
Labels
Clear labels   
bug
   
enhancement
   
good first issue
   
halted
   
help wanted
   
security
   
wait for upstream
   
wait to be tested
No Label
bug
enhancement
good first issue
halted
help wanted
security
wait for upstream
wait to be tested
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: b3yond/ticketfrei#82
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?