@MyIgel MyIgel commented Nov 20, 2018

Some (older) fixes for potential CSRF problems that I had lying around for a while, and a bigger change to require POST for forms

  • Added additional headers to the response
  • Implemented a CSRF token
  • Changed forms to validate that they are sent as POST

* Ensure that the form is submitted with a post request
* Replaced several links with forms

Closes engelsystem#494 (Security Vulnerability)
@MyIgel MyIgel added Type: Bug(fix) A bug or a fix for a bug. Type: Refactor Make the code better. labels Nov 20, 2018
@MyIgel MyIgel added this to the 35c3 milestone Nov 20, 2018
@msquare msquare merged commit 944c29b into engelsystem:master Nov 21, 2018
@MyIgel MyIgel deleted the csrf branch November 21, 2018 21:55