Files @ 9b74296e6af6
Branch filter:

Location: kallithea/docs/index.rst - annotation

9b74296e6af6 1.2 KiB text/prs.fallenstein.rst Show Source Show as Raw Download as Raw
Søren Løvborg
auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691)

Routes allows GET requests to override the HTTP method, which breaks
the Kallithea CSRF protection (which only applies to POST requests).

This commit blocks such GET request, preventing CSRF attacks.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
5f481e4e888b
5f481e4e888b
22a3fa3c4254
beb4cbf30d00
22a3fa3c4254
22a3fa3c4254
03bbd33bc084
bdd1ddd05b7c
03bbd33bc084
03bbd33bc084
5f481e4e888b
03bbd33bc084
03bbd33bc084
03bbd33bc084
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
154becd92f40
5f481e4e888b
64b1a2320bcb
d95ea48af67b
e69d34136be5
3389f272ece1
57caeb60c52b
8b8edfc25856
bb35ad076e2f
bb35ad076e2f
bb35ad076e2f
bb35ad076e2f
bb35ad076e2f
bbd499c7b55e
601282d36c06
aa17c7a1b8a5
bbd499c7b55e
beb4cbf30d00
22a3fa3c4254
beb4cbf30d00
beb4cbf30d00
beb4cbf30d00
beb4cbf30d00
2079e864ce51
beb4cbf30d00
af371e206ec5
4d076981a7b1
aa90719e8520
4d076981a7b1
22a3fa3c4254
bb35ad076e2f
bb35ad076e2f
bb35ad076e2f
8b8edfc25856
bb35ad076e2f
42a87338035a
5f481e4e888b
bb35ad076e2f
bb35ad076e2f
bb35ad076e2f
9da24750f563
bb35ad076e2f
b43a121f3137
b43a121f3137
8b8edfc25856
bb35ad076e2f
5f481e4e888b
a60cd29ba7e2
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
fbbe80e3322b
a60cd29ba7e2
5f481e4e888b
5f481e4e888b
5f481e4e888b
9472a0150bf0
5f481e4e888b
a60cd29ba7e2
a60cd29ba7e2
a60cd29ba7e2
8b8edfc25856

.. _index:

#######################
Kallithea Documentation
#######################

**Readme**

.. toctree::
   :maxdepth: 1

   readme

**Installation**

.. toctree::
   :maxdepth: 1

   overview
   installation
   installation_win
   installation_win_old
   installation_iis
   setup
   installation_puppet

**Usage**

.. toctree::
   :maxdepth: 1

   usage/general
   usage/vcs_support
   usage/locking
   usage/statistics

**Administrator's guide**

.. toctree::
   :maxdepth: 1

   usage/email
   usage/performance
   usage/backup
   usage/debugging
   usage/troubleshooting

**Development**

.. toctree::
   :maxdepth: 1

   contributing
   changelog

**API**

.. toctree::
   :maxdepth: 1

   api/api
   api/models


Other topics
------------

* :ref:`genindex`
* :ref:`search`


.. _virtualenv: http://pypi.python.org/pypi/virtualenv
.. _python: http://www.python.org/
.. _django: http://www.djangoproject.com/
.. _mercurial: http://mercurial.selenic.com/
.. _bitbucket: http://bitbucket.org/
.. _subversion: http://subversion.tigris.org/
.. _git: http://git-scm.com/
.. _celery: http://celeryproject.org/
.. _Sphinx: http://sphinx.pocoo.org/
.. _vcs: http://pypi.python.org/pypi/vcs
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.