Building in CSRF prevention #82
Reference: b3yond/ticketfrei#82
Author: @b3yond Posted at: 27.01.2019 15:37
To prevent CSRF attacks, there is now a CSRF token in POST requests which is checked against a CSRF cookie.
Even if an attacker generates a malicious form now, it will be checked against the CSRF token in the cookie, which they can't read; therefore only POST requests from forms generated by the ticketfrei server will be accepted by it.
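The check described in the issue is the double-submit-cookie pattern: the server mints a random token, sets it as a cookie and embeds the same value in a hidden form field, then on POST compares the two. The following is an added example, not ticketfrei's own code; the names `COOKIE_NAME`, `FIELD_NAME`, `handle_get`, `handle_post` and the plain dicts standing in for a request's cookie jar and form data are assumptions made for this illustration.

```python
import hmac
import re
import secrets

# Added example of a double-submit-cookie CSRF check. This is not ticketfrei's
# code; the request model (plain dicts for cookies and form fields) is assumed.
COOKIE_NAME = "csrf"   # assumed cookie name
FIELD_NAME = "csrf"    # assumed hidden-field name


def issue_token():
    """Mint an unpredictable token; it must come from a CSPRNG, not random()."""
    return secrets.token_urlsafe(32)


def render_form(token):
    """Server-rendered form carrying the token in a hidden field."""
    return (
        '<form method="post" action="/post">'
        f'<input type="hidden" name="{FIELD_NAME}" value="{token}">'
        '<input type="submit"></form>'
    )


def token_from_form(html):
    """What a client (or attacker) can extract from HTML it is able to read."""
    m = re.search(rf'name="{FIELD_NAME}" value="([^"]+)"', html)
    return m.group(1) if m else None


def csrf_ok(cookies, forms):
    """True only if both values exist and match; compare in constant time."""
    cookie_token = cookies.get(COOKIE_NAME)
    form_token = forms.get(FIELD_NAME)
    if not cookie_token or not form_token:
        return False
    return hmac.compare_digest(cookie_token, form_token)


def handle_get(cookie_jar):
    """Hypothetical GET handler: set the cookie (Set-Cookie) and return the form."""
    token = issue_token()
    cookie_jar[COOKIE_NAME] = token
    return render_form(token)


def handle_post(cookies, forms):
    """Hypothetical POST handler: reject when the tokens do not agree."""
    return 200 if csrf_ok(cookies, forms) else 403


def legitimate_flow():
    """Browser loads the real form, then submits it; cookie and field match."""
    jar = {}
    html = handle_get(jar)
    return handle_post(jar, {FIELD_NAME: token_from_form(html)})


def forged_flow():
    """Attacker page submits its own form. The victim's browser still attaches
    the cookie, but the attacker cannot read it (same-origin policy), so the
    hidden field carries a value the attacker made up."""
    jar = {}
    handle_get(jar)  # victim already visited the site; cookie is in the jar
    attacker_html = render_form(secrets.token_urlsafe(32))  # attacker's guess
    return handle_post(jar, {FIELD_NAME: token_from_form(attacker_html)})


if __name__ == "__main__":
    print("legitimate:", legitimate_flow())  # 200
    print("forged:", forged_flow())          # 403
```

The guarantee rests entirely on the attacker being unable to read or set the cookie. Two practical caveats: the token must come from a CSPRNG (here `secrets`), and the cookie should be scoped tightly (`Path`, `Secure`, and `SameSite=Lax` or `Strict` where the app allows), because a plain double-submit cookie can be overwritten by any origin that is allowed to set cookies for the host, which is the known weakness of this pattern compared with a server-side or HMAC-signed token.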