My normal method of creating a search result bookmark is to create the search and then copy the URL for the "Show Results" menu item. This gives me a URL with search parameters I can bookmark in my browser (I'm not discussing internal RT bookmarks here).
Under the latest RT with CSRF protections (3.8.12 in my case), a CSRF warning comes up when I follow a search results bookmark. Firstly, I think that in general, you do not need to worry much about CSRF if the request method is GET. I do not know the internals of RT, but shouldn't all harmful operations be POSTs? If that were the case, I'd say you don't need to launch a CSRF warning if you follow such a search result URL. Secondly, is there any way to disable such a warning without disabling all CSRF protections? Thanks, Chris
