Skip to content

Fix CSRF Vulnerability

Compare
Choose a tag to compare
@jwag956 jwag956 released this 08 Jan 19:12
64a7a66

The /login and /change endpoints allowed a GET request to return the users authentication token. That's not good.
Now, as prior to 3.3.0, only successful POSTs can return the token.