Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add more csrf checks #3123

Merged
merged 24 commits into from May 28, 2020
Merged

Add more csrf checks #3123

merged 24 commits into from May 28, 2020

Conversation

carakas
Copy link
Member

@carakas carakas commented May 27, 2020

Type

  • Security

Pull request description

Turns out we only checked the csrf token in the delete actions.
I've added it to a bunch of other actions that make changes without using forms (that have their own csrf tokens).
I also added it to all ajax requests. It shouldn't give any issues since I used a header in that case instead of a get or post parameter

@carakas carakas added the security Pull requests that address a security vulnerability label May 27, 2020
@carakas carakas added this to the 5.8.3 milestone May 27, 2020
@carakas carakas requested a review from a team May 27, 2020 15:08
Copy link

@ohvitorino ohvitorino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@carakas carakas merged commit c58b9bc into forkcms:master May 28, 2020
@carakas carakas deleted the add-more-csrf-checks branch May 28, 2020 08:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security Pull requests that address a security vulnerability
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants