extending CSRF support #780
Comments
Hi @fpoulain, could you please tell us what version of Sympa you are using?
Hi @ikedas, currently we are using Debian Stretch's version (6.2.16). Migrating to Buster is planned.
Hi @fpoulain, the CSRF tolerance feature is available in Sympa 6.2.40 or later. On Debian, Sympa with this feature is provided by buster or bullseye. Unfortunately
Nice. Is it generalized to all form posts?
I think it is generalized to all forms which are provided by WWSympa.
Close by now.
Hi,
It would be great if Sympa extended CSRF support. Currently, we have some lists open to subscription with auth (email loop). Those subscribe forms are spammed by bots (thousand per day). We don't have any real solution for avoiding this at the hosting level.
Several techniques could limit spam, starting with a CSRF token.
I saw that since 2c0e810 and b30815c there is CSRF protection. Could it please be possible to (maybe optionally) extend this protection to all public forms?