[jira] [Commented] (COUCHDB-2762) Add CSRF protection

ASF subversion and git services (JIRA) Tue, 18 Aug 2015 02:55:33 -0700

    [ 
https://issues.apache.org/jira/browse/COUCHDB-2762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14701018#comment-14701018
 ]


ASF subversion and git services commented on COUCHDB-2762:
----------------------------------------------------------

Commit 8aa7adfb4166123d27b1288fa9d06d560ac2c2c0 in couchdb-chttpd's branch 
refs/heads/master from [~rnewson]
[ https://git-wip-us.apache.org/repos/asf?p=couchdb-chttpd.git;h=8aa7adf ]

Whitelist CSRF header for CORS

x-couchdb-csrf is a permitted request header
x-couchdb-csrf-valid is a permitted response header

COUCHDB-2762


> Add CSRF protection
> -------------------
>
>                 Key: COUCHDB-2762
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2762
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>            Reporter: Robert Newson
>            Assignee: Robert Newson
>             Fix For: 2.0.0
>
>
> Add support for the "double submit cookie" CSRF protection.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (COUCHDB-2762) Add CSRF protection

Reply via email to