Hi All One of my colleagues, create tickets frequently in a specific queue. In RT3.8.8 in made a bookmark similar to http://ticket-server/rt/Ticket/Create.html?Queue=XX and directly got to the ticket create page. But in RT4.2, it seems that in order to prevent cross site script, block direct access to ticket creation page.
First, I can understand that blocking direct access to create ticket page is a must in order to prevent cross site forgery, does getting to the first page, which only shows blank page, could causes any problem? I think getting to http://ticket-server/rt/Ticket/Create.html?Queue=XX without any other POST/GET parameter may not be unsafe. Am I wrong? Second, is there any workaround/suggestion to overcome this case? Any comment is appreciated Regards
