---
** [tickets:#7685] Subscribe/unsubscribe action should use POST**
**Status:** open
**Milestone:** limbo
**Created:** Tue Sep 16, 2014 05:35 AM UTC by Igor Bondarenko
**Last Updated:** Tue Sep 16, 2014 05:35 AM UTC
**Owner:** nobody
Currently all of subscribe/unsubscribe buttons (in the topbar of any tool's
page and in the wiki sidebar) are using GET to make an action. Their should
require POST to avoid CSRF.
See also discussion at [#4905]
---
Sent from sourceforge.net because dev@allura.apache.org is subscribed to
https://sourceforge.net/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/allura/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.
