---
**[tickets:#7685] Subscribe/unsubscribe action should use POST**
**Status:** open
**Milestone:** unreleased
**Labels:** sf-current sf-2
**Created:** Tue Sep 16, 2014 05:35 AM UTC by Igor Bondarenko
**Last Updated:** Mon Jun 01, 2015 07:47 PM UTC
**Owner:** nobody
Currently all of the subscribe/unsubscribe buttons (in the topbar of any tool's
page and in the wiki sidebar) are using GET to make an action. They should
require POST to avoid CSRF.
See also discussion at [#4905]
---
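An added example, not Allura's own code, of the handler behaviour the ticket asks for: the state change is refused on GET and accepted only on POST carrying a session-bound token. The `/subscribe` handler, the `_csrf_token` field, the `sid` cookie format and the in-memory stores are all assumptions made for the sketch.

```python
import hmac
import io
import secrets
from urllib.parse import parse_qs

# Constructed in-memory state for the example (hypothetical, not Allura's data model).
SESSIONS = {"sess-alice": {"user": "alice", "csrf": secrets.token_hex(16)}}
SUBSCRIBED = set()

def _respond(start_response, status, body, headers=()):
    start_response(status, [("Content-Type", "text/plain"), *headers])
    return [body.encode()]

def subscribe_app(environ, start_response):
    """WSGI handler for a hypothetical /subscribe endpoint."""
    # Constructed cookie format: "sid=<session id>"
    sid = environ.get("HTTP_COOKIE", "").partition("sid=")[2].split(";")[0]
    session = SESSIONS.get(sid)
    if session is None:
        return _respond(start_response, "401 Unauthorized", "login required")
    # Refuse the state change on GET: a link or <img src> on another site
    # sends the user's cookie along, which is the CSRF case in the ticket.
    if environ["REQUEST_METHOD"] != "POST":
        return _respond(start_response, "405 Method Not Allowed", "use POST",
                        [("Allow", "POST")])
    length = int(environ.get("CONTENT_LENGTH") or 0)
    form = parse_qs(environ["wsgi.input"].read(length).decode())
    token = form.get("_csrf_token", [""])[0]
    # A cross-site form can also POST, so the request must carry a token
    # bound to the session; compare in constant time.
    if not hmac.compare_digest(token.encode(), session["csrf"].encode()):
        return _respond(start_response, "403 Forbidden", "bad CSRF token")
    if form.get("subscribe", [""])[0] == "1":
        SUBSCRIBED.add(session["user"])
    else:
        SUBSCRIBED.discard(session["user"])
    return _respond(start_response, "200 OK", "ok")

def call(method, body=b"", cookie="sid=sess-alice"):
    """Drive the app with a constructed WSGI environ; returns the status line."""
    seen = []
    environ = {"REQUEST_METHOD": method, "HTTP_COOKIE": cookie,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    subscribe_app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```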