Files @ 9b74296e6af6
Branch filter:

Location: kallithea/tox.ini

9b74296e6af6 212 B text/x-ini Show Annotation Show as Raw Download as Raw
Søren Løvborg
auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691)

Routes allows GET requests to override the HTTP method, which breaks
the Kallithea CSRF protection (which only applies to POST requests).

This commit blocks such GET request, preventing CSRF attacks.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
[tox]
minversion = 1.8
envlist = py{26,27}-{pytest,nose}

[testenv]
setenv =
    PYTHONHASHSEED = 0
deps =
    nose: nose
    pytest: pytest
commands =
    nose: nosetests {posargs}
    pytest: py.test {posargs}
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.