Files @ 9b74296e6af6

Location: kallithea/docs/readme.rst

Søren Løvborg
auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691)

Routes allows GET requests to override the HTTP method, which breaks
the Kallithea CSRF protection (which only applies to POST requests).

This commit blocks such GET requests, preventing CSRF attacks.
.. _readme:

.. include:: ./../README.rst