[
https://issues.apache.org/jira/browse/COUCHDB-2762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14662972#comment-14662972
]
ASF GitHub Bot commented on COUCHDB-2762:
-----------------------------------------
GitHub user rnewson opened a pull request:
https://github.com/apache/couchdb-couch/pull/83
Add option to make CSRF cookie mandatory
When enabled, the CSRF cookie/header is required on all requests
except those to the welcome message at /.
COUCHDB-2762
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/cloudant/couchdb-couch 2762-csrf-mandatory
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/couchdb-couch/pull/83.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #83
----
commit 8fc187d79c1573ffa6b61d756f6ad8601243d3ae
Author: Robert Newson <[email protected]>
Date: 2015-08-08T13:03:23Z
Add option to make CSRF cookie mandatory
When enabled, the CSRF cookie/header is required on all requests
except those to the welcome message at /.
COUCHDB-2762
----
> Add CSRF protection
> -------------------
>
> Key: COUCHDB-2762
> URL: https://issues.apache.org/jira/browse/COUCHDB-2762
> Project: CouchDB
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Reporter: Robert Newson
> Assignee: Robert Newson
> Fix For: 2.0.0
>
>
> Add support for the "double submit cookie" CSRF protection.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
