cse-fire / fire / issues / #43 - "Leave group" feature is vulnerable to CSRF — Bitbucket

Issue #43 resolved

Evgeny Kotelnikov created an issue 2014-10-13

The request for leaving a group is a simple GET-request to "./leave_group". This is subject to a CSRF-attack. Should fix, probably using the "check_csrf" feature of the views, similarly to other places.

Comments (1)

Evgeny Kotelnikov reporter
- changed status to resolved
Add CSRF token to the "Leave group" button (fixes ~~#43~~)

→ <<cset 192d3512da08>>
- 2014-10-13T16:40:17+00:00
Log in to comment

Assignee: –

Type: bug

Priority: minor

Status: resolved

Component: –

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!