---
** [tickets:#7026] Require POST for follow/unfollow actions**
**Status:** open
**Labels:** activitystreams security
**Created:** Mon Jan 06, 2014 07:47 PM UTC by Dave Brondsema
**Last Updated:** Mon Jan 06, 2014 07:47 PM UTC
**Owner:** nobody
`def follow` in `forgeactivity/main.py` should require POST. And templates and
tests should be changed to send posts (and don't forget the csrf token).
---
Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed
to https://sourceforge.net/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/allura/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.
