[ https://issues.apache.org/jira/browse/COUCHDB-2769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14698358#comment-14698358 ]
ASF GitHub Bot commented on COUCHDB-2769:
-----------------------------------------
GitHub user robertkowalski closed the pull request at:
https://github.com/apache/couchdb-fauxton/pull/497
> Indicate when CSRF protection is active
> ---------------------------------------
>
> Key: COUCHDB-2769
> URL: https://issues.apache.org/jira/browse/COUCHDB-2769
> Project: CouchDB
> Issue Type: Improvement
> Security Level: public (Regular issues)
> Components: Fauxton
> Reporter: Robert Newson
> Assignee: Robert Kowalski
>
> Any request that was protected by CouchDB's native CSRF prevention system
> will return an X-CouchDB-CSRF-Valid response header with value "true".
> Indicate on every screen whether this happens or not. Doesn't have to be
> prominent but should always be present (indicating protected vs not protected
> clearly).
> Suggestion is the phrase "CSRF protected" appears in green vs "CSRF
> vulnerable" in red somewhere in the bottom left where Logout and logo live.