#7847: Emptying the trash in Firefox 3.5.6 displays a "Forbidden  No referer
found. Forbidden." page
------------------------+---------------------------------------------------
   Reporter:  mpatel    |       Owner:  was         
       Type:  defect    |      Status:  needs_review
   Priority:  major     |   Milestone:  sage-4.3.1  
  Component:  notebook  |    Keywords:              
Work_issues:            |      Author:              
   Upstream:  N/A       |    Reviewer:              
     Merged:            |  
------------------------+---------------------------------------------------
Changes (by timdumol):

 * cc: jason (added)


Comment:

 Good job fixing the problem, but unfortunately your patch means anyone can
 cause you to empty your trash.

 The reason for the HTTP-Referer check was actually security. Without it,
 anyone could have sent you a link to http://localhost:8000/emptytrash (or
 http://sagenb.org/emptytrash) and emptied one's trash. This was clearly the
 wrong approach though.

 This new patch accepts only POST requests, which should be much more
 secure.

-- 
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/7847#comment:3>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica, 
and MATLAB
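
The three behaviours discussed in this comment, compared side by side in an added Python example (not code from the ticket, the patch, or the Sage notebook). The handler names, request dictionaries and status codes other than the quoted "Forbidden" text are constructed for illustration.

```python
# Added illustration: policies for a state-changing /emptytrash endpoint.
# All names and sample requests are constructed, not Sage notebook code.
SITE = "http://localhost:8000/"

def referer_check(req):
    """Original approach: accept only requests carrying a same-site Referer."""
    ref = req["headers"].get("Referer")
    if ref is None:
        return 403  # the "Forbidden  No referer found. Forbidden." page
    return 200 if ref.startswith(SITE) else 403

def no_check(req):
    """Referer check removed and nothing put in its place."""
    return 200

def post_only(req):
    """State change allowed only via POST; a followed link is always a GET."""
    return 200 if req["method"] == "POST" else 405

# Constructed requests. The second and third are byte-for-byte identical to
# the server, so no GET-based policy can accept one and refuse the other.
REQUESTS = {
    "ui_click_with_referer": {"method": "GET", "headers": {"Referer": SITE + "home"}},
    "ui_click_no_referer":   {"method": "GET", "headers": {}},
    "link_sent_by_someone":  {"method": "GET", "headers": {}},
    "ui_form_post":          {"method": "POST", "headers": {}},
}

POLICIES = {"referer_check": referer_check, "no_check": no_check,
            "post_only": post_only}

def evaluate():
    """Return {policy_name: {request_name: http_status}}."""
    return {pname: {rname: policy(req) for rname, req in REQUESTS.items()}
            for pname, policy in POLICIES.items()}

if __name__ == "__main__":
    for pname, row in evaluate().items():
        print(pname)
        for rname, status in row.items():
            print(f"  {rname:24} -> {status}")
```

POST-only stops the emailed-link case; a cross-site form can still submit a POST, which is what a per-session token in the form addresses.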