Robert Newson created COUCHDB-2797:
--------------------------------------

             Summary: Apply CSRF protection only to form submissions
                 Key: COUCHDB-2797
                 URL: https://issues.apache.org/jira/browse/COUCHDB-2797
             Project: CouchDB
          Issue Type: Bug
      Security Level: public (Regular issues)
            Reporter: Robert Newson


The new CSRF double-submit protection should be applied to form submissions, 
not all requests. XHR requests, in particular, are not vulnerable to CSRF, so 
we should skip the check there, saving middleware and other tools the effort of 
supporting this feature.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
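
One way to scope a double-submit check to form submissions, as an added example (not CouchDB's code and not part of the original ticket). It assumes a form submission is recognised by the three media types an HTML form can send; the function names are hypothetical, and a missing Content-Type on an unsafe method is assumed to need the check.

```python
import hmac

# Media types an HTML <form> can produce (its three enctype values).
FORM_CONTENT_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def needs_csrf_check(method, content_type):
    """Return True when the request could have come from a form submission."""
    if method.upper() in SAFE_METHODS:
        return False
    if not content_type:
        # Assumption: fail closed when the body type is undeclared.
        return True
    # Drop parameters such as "; charset=utf-8" or "; boundary=...".
    media_type = content_type.split(";", 1)[0].strip().lower()
    return media_type in FORM_CONTENT_TYPES


def double_submit_ok(cookie_token, submitted_token):
    """Double-submit: the token echoed in the request must equal the cookie's."""
    if not cookie_token or not submitted_token:
        return False
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    return hmac.compare_digest(cookie_token.encode(), submitted_token.encode())


def allow_request(method, content_type, cookie_token=None, submitted_token=None):
    """Policy from the ticket: enforce the token only on form submissions."""
    if not needs_csrf_check(method, content_type):
        return True
    return double_submit_ok(cookie_token, submitted_token)
```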
