[jira] [Commented] (COUCHDB-2797) Apply CSRF protection only to form submissions

ASF subversion and git services (JIRA) Fri, 04 Sep 2015 04:42:02 -0700

    [ 
https://issues.apache.org/jira/browse/COUCHDB-2797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14730677#comment-14730677
 ]


ASF subversion and git services commented on COUCHDB-2797:
----------------------------------------------------------

Commit d1dd5d67e25d4190c96f88507fb1ed0c4225baff in couchdb-couch's branch 
refs/heads/master from [~rnewson]
[ https://git-wip-us.apache.org/repos/asf?p=couchdb-couch.git;h=d1dd5d6 ]

Restrict CSRF check to specific mime types

COUCHDB-2797


> Apply CSRF protection only to form submissions
> ----------------------------------------------
>
>                 Key: COUCHDB-2797
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2797
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>            Reporter: Robert Newson
>
> The new CSRF double-submit protection should be applied to form submissions, 
> not all requests. XHR requests, in particular, are not vulnerable to CSRF, so 
> we should skip the check there, saving middleware and other tools the effort 
> of supporting this feature.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (COUCHDB-2797) Apply CSRF protection only to form submissions

Reply via email to