Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CSRF checks to administrative actions #20

Closed
kaiyou opened this issue Jun 25, 2016 · 1 comment
Closed

Add CSRF checks to administrative actions #20

kaiyou opened this issue Jun 25, 2016 · 1 comment
Milestone
1.2

Comments

@kaiyou
Copy link
Member

kaiyou commented Jun 25, 2016

Most administrative actions use simple requests with no CSRF check. Those should be added to prevent some attack schemes.
@kaiyou kaiyou added this to the 1.2 milestone Jul 24, 2016
@kaiyou
Copy link
Member Author

kaiyou commented Aug 19, 2016

All sensitive administrative actions require either a form or a confirmation. Thus, implementing confirmations as submitting a form will simplify things and the WTForms CSRF token system will do most of the job.

kaiyou added a commit that referenced this issue Aug 19, 2016
@kaiyou
Add an action confirmation form, related to #20
5a69ada
@kaiyou kaiyou closed this as completed in 84769ca Aug 19, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.2
Development

No branches or pull requests
1 participant
@kaiyou