CSRF validation is incomplete #970
Comments
vietj pushed a commit that referenced this issue on Jul 12, 2018: #970 (cherry picked from commit 482bc72)
after upgrading from 3.5.2 to 3.5.3, csrf is always failing ...

@razzbee please update your issue #979 with a reproducer, my guess is that you're not sending the cookie back to the server which is what this issue fixed. If you don't then you're open to replay attacks (which this fix fixes). But again, that is my guess, so without a real reproducer I can't really tell.
CSRFHandler fails to verify that the valid token also matches the Cookie value.
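
The check this issue asks for, shown as an added Java example that is not the project's CSRFHandler code: a token with a valid signature is accepted only if it also equals the cookie value sent back with the request. The `nonce.timestampMs.signature` token layout, the key, the 30-minute lifetime and all class and method names are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration, not the project's CSRFHandler. Assumed token layout: nonce.timestampMs.signature
public class CsrfCookieMatchDemo {
  static final byte[] KEY = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample key
  static final long MAX_AGE_MS = 30 * 60 * 1000L; // assumed token lifetime

  static String sign(String body) throws Exception {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
    byte[] tag = mac.doFinal(body.getBytes(StandardCharsets.UTF_8));
    return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
  }

  static String issue(String nonce, long nowMs) throws Exception {
    String body = nonce + "." + nowMs;
    return body + "." + sign(body);
  }

  static boolean sameBytes(String a, String b) { // constant-time comparison
    return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
  }

  // Signature and age only: a check that stops here never consults the cookie.
  static boolean signedAndFresh(String token, long nowMs) throws Exception {
    String[] p = token.split("\\.");
    if (p.length != 3 || !sameBytes(p[2], sign(p[0] + "." + p[1]))) return false;
    try {
      long age = nowMs - Long.parseLong(p[1]);
      return age >= 0 && age <= MAX_AGE_MS;
    } catch (NumberFormatException e) { return false; }
  }

  // Complete check: the submitted token must also equal the cookie the browser sent back.
  static boolean complete(String submitted, String cookie, long nowMs) throws Exception {
    if (submitted == null || cookie == null || !sameBytes(submitted, cookie)) return false;
    return signedAndFresh(submitted, nowMs);
  }

  public static void main(String[] args) throws Exception {
    long now = 1_531_400_000_000L; // constructed timestamp
    String a = issue("nonceA", now), b = issue("nonceB", now);
    System.out.println(signedAndFresh(a, now) + " " + complete(a, b, now) + " " + complete(a, null, now) + " " + complete(a, a, now));
  }
}
```

In `main`, token `a` passes the signature-only check, is rejected by `complete` when the cookie holds a different valid token or is missing, and is accepted only when it equals the cookie.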