#3796: remove _csrf_token from display URLs
-------------------------+------------------------------
Reporter: till | Owner: webmaster
Type: enhancement | Status: new
Priority: major | Milestone: HANDWAVY-FUTURE
Component: Web Content | Version:
Severity: Normal | Resolution:
Keywords: EasyFix | Blocked By:
Blocking: | Sensitive: 0
-------------------------+------------------------------
Comment (by docent):
Hmm, do you think that JavaScript method is a good solution? It looks like
a workaround rather than a solid solution. Read this:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Disclosure_of_Token_in_URL
If so, I could take this ticket so that I will be able to go through all those
webapps and learn them a little.
--
Ticket URL:
<https://fedorahosted.org/fedora-infrastructure/ticket/3796#comment:3>
Fedora Infrastructure <http://fedoraproject.org/wiki/Infrastructure>
Fedora Infrastructure Project for Bugs, feature requests and access to our
source code.
--
websites mailing list
https://admin.fedoraproject.org/mailman/listinfo/websites