- changed status to resolved
"Leave group" feature is vulnerable to CSRF
Issue #43
resolved
The request for leaving a group is a simple GET-request to "./leave_group". This is subject to a CSRF-attack. Should fix, probably using the "check_csrf" feature of the views, similarly to other places.
Comments (1)
- reporter
Add CSRF token to the "Leave group" button (fixes #43) → <<cset 192d3512da08>>
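The difference between the reported behaviour and a token-checked handler, as an added framework-independent sketch; it is not the project's code and does not use its "check_csrf" feature. The session dictionary, handler names and the "hikers" group are hypothetical, constructed for illustration.

```python
import hmac
import secrets


def new_session(groups):
    """Constructed stand-in for a server-side session with a per-session CSRF token."""
    return {"csrf_token": secrets.token_urlsafe(32), "groups": set(groups)}


def leave_group_unchecked(session, method, params):
    """Behaviour the issue describes: a plain GET is enough to change membership."""
    session["groups"].discard(params.get("group"))
    return 200


def leave_group_checked(session, method, params):
    """Hardened handler: membership changes only on a POST carrying the session token."""
    if method != "POST":
        return 405  # safe methods such as GET must not change state
    supplied = params.get("csrf_token") or ""
    expected = session["csrf_token"]
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403  # token missing or wrong: request did not come from our own form
    session["groups"].discard(params.get("group"))
    return 200


def run_demo():
    """Return (status, still_member) for each constructed request."""
    out = {}
    s = new_session(["hikers"])
    out["unchecked_get"] = (leave_group_unchecked(s, "GET", {"group": "hikers"}), "hikers" in s["groups"])
    s = new_session(["hikers"])
    out["checked_get"] = (leave_group_checked(s, "GET", {"group": "hikers"}), "hikers" in s["groups"])
    out["checked_post_no_token"] = (leave_group_checked(s, "POST", {"group": "hikers"}), "hikers" in s["groups"])
    bad = {"group": "hikers", "csrf_token": "guess"}
    out["checked_post_bad_token"] = (leave_group_checked(s, "POST", bad), "hikers" in s["groups"])
    form = {"group": "hikers", "csrf_token": s["csrf_token"]}  # what the site's own button submits
    out["checked_post_own_form"] = (leave_group_checked(s, "POST", form), "hikers" in s["groups"])
    return out


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

A regression test for a fix like this should cover both rejections: the GET and the POST without a valid token.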