Changing logout route to POST with CSRF should be enough to prevent this exploit. Any other GET routes should be examined to ensure that nothing is done, as the GET verb should only return and never modify resources.
I have found a security bug!
Check out http://try.nodebb.org/topic/95/csrf-attack
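The fix proposed above (logout accepted only as a POST that carries a per-session CSRF token), sketched as an added example that is not NodeBB's code. The in-memory session store, the `handle` and `login` helpers, and the `_csrf` field name are assumptions made for illustration.

```javascript
// Added example, not NodeBB code: framework-free sketch of a CSRF-safe logout.
const crypto = require('crypto');

// Constructed in-memory session store: session id -> { user, csrfToken }.
const sessions = new Map();

// Creates a session and a per-session CSRF token (hypothetical helper).
function login(user) {
  const sid = crypto.randomBytes(16).toString('hex');
  const csrfToken = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, { user, csrfToken });
  return { sid, csrfToken };
}

// Constant-time comparison so the check does not leak how much of a token matched.
function tokensMatch(expected, supplied) {
  const a = Buffer.from(String(expected));
  const b = Buffer.from(String(supplied ?? ''));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// req is a plain object { method, path, sid, body }; returns an HTTP status code.
function handle(req) {
  if (req.path !== '/logout') return 404;
  // GET must never change state: the browser attaches the session cookie to
  // any cross-site GET, so a state-changing GET route is forgeable.
  if (req.method !== 'POST') return 405;
  const session = sessions.get(req.sid);
  if (!session) return 401;
  // Another origin can cause the cookie to be sent, but it cannot read the
  // token the server embedded in its own pages, so a forged POST fails here.
  if (!tokensMatch(session.csrfToken, req.body && req.body._csrf)) return 403;
  sessions.delete(req.sid);
  return 200;
}
```

The same pattern applies to any other route that changes state: reject non-POST verbs first, then require the token before touching the session.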