Security vulnerability with proxy view and csrf/sessionid cookie #1308
Passing this on from Adam Ziaja - the proxy view sends the csrf/sessionid cookie values to the destination URL, from where they could be collected to spoof a login. Proxy could also be used to access localhost:
I wrote it late at night so sorry for my English language skills ;).
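One way to address both problems reported above, as an added example that is not the project's own code: strip the caller's credentials before forwarding, and refuse destinations that are not on an explicit allowlist or that point at loopback or private addresses. The function names, the allowlist parameter and the sample hosts are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Headers that carry the user's credentials for the proxying site itself.
# The csrf and sessionid cookies travel in "Cookie"; X-CSRFToken is the
# header Django clients use for the same token.
SENSITIVE_HEADERS = {"cookie", "authorization", "proxy-authorization", "x-csrftoken"}


def is_allowed_destination(url, allowed_hosts):
    """True only for http(s) URLs whose host is allowlisted and not internal."""
    try:
        parts = urlsplit(url)
    except ValueError:          # e.g. malformed IPv6 literal
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname.lower().rstrip(".")
    if host == "localhost" or host.endswith(".localhost"):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None               # a DNS name, not an address literal
    if ip is not None and (ip.is_loopback or ip.is_private
                           or ip.is_link_local or ip.is_unspecified):
        return False
    # Name-based allowlisting does not cover a name that later resolves to an
    # internal address; the resolved address should be checked at connect time too.
    return host in allowed_hosts


def outbound_headers(incoming):
    """Copy request headers for the upstream call, minus credentials."""
    return {k: v for k, v in incoming.items() if k.lower() not in SENSITIVE_HEADERS}


def build_proxy_request(url, incoming, allowed_hosts):
    """Return (url, headers) that are safe to forward, or raise ValueError."""
    if not is_allowed_destination(url, allowed_hosts):
        raise ValueError("destination not permitted: %r" % url)
    return url, outbound_headers(incoming)


if __name__ == "__main__":
    # Constructed sample request, not taken from the report.
    sample = {"Cookie": "csrftoken=abc; sessionid=def", "Accept": "*/*"}
    print(build_proxy_request("https://maps.example.org/wms", sample, {"maps.example.org"}))
```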