- **QA**: Dave Brondsema


---

** [tickets:#7026] Require POST for follow/unfollow actions**

**Status:** code-review
**Labels:** activitystreams security 
**Created:** Mon Jan 06, 2014 07:47 PM UTC by Dave Brondsema
**Last Updated:** Mon Jan 13, 2014 10:41 PM UTC
**Owner:** Cory Johns

`def follow` in `forgeactivity/main.py` should require POST.  And templates and 
tests should be changed to send posts (and don't forget the csrf token).


---

Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed 
to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at 
https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a 
mailing list, you can unsubscribe from the mailing list.

Reply via email to