New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Some routes need to be POST #5541

Closed
Unknwon opened this Issue Dec 5, 2018 · 0 comments

Comments

1 participant
@Unknwon
Copy link
Member

Unknwon commented Dec 5, 2018

State changing action should always be POST and so protected by CSRF too.

This doesn't happen in the following UI endpoints:

  • following / unfollowing a user
  • starring / unstarring repository
  • watching / unwatching repository
  • logging out

Reported by @cezar97.

@Unknwon Unknwon added this to the 0.12 milestone Dec 5, 2018

Unknwon added a commit that referenced this issue Dec 7, 2018

templates: make state changing routes to POST method (#5541)
- pkg/context: add ParamsUser to unify the injection process

@Unknwon Unknwon closed this Dec 7, 2018

Thonnn added a commit to Thonnn/gogs that referenced this issue Dec 17, 2018

templates: make state changing routes to POST method (gogs#5541)
- pkg/context: add ParamsUser to unify the injection process
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment