- **Size**: --> 1
--- ** [tickets:#7026] Require POST for follow/unfollow actions** **Status:** open **Labels:** activitystreams security **Created:** Mon Jan 06, 2014 07:47 PM UTC by Dave Brondsema **Last Updated:** Mon Jan 06, 2014 07:47 PM UTC **Owner:** nobody `def follow` in `forgeactivity/main.py` should require POST. And templates and tests should be changed to send posts (and don't forget the csrf token). --- Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
