Message5944
The first attempts to fix this have been pushed to the repo.
I still have to invalidate the token if it is used in a
get request so the token can't be replayed before it
times out.
However, people should not be using the token in a get request.
But I also know people will. (I may even have accidentally made
that mistake converting the roundup supplied trackers.)
See
https://sourceforge.net/p/roundup/code/ci/47bd81998ddc9de40f8a0f97f90b84863a21b93f/
for the final csrf patch.

Date | User | Action | Args |
2017-03-19 17:04:25 | rouilj | set | messageid: <1489943065.8.0.450565123539.issue2550690@psf.upfronthosting.co.za> |
2017-03-19 17:04:25 | rouilj | set | recipients: + rouilj, schlatterbeck, ber, joseph_myers, eadler |
2017-03-19 17:04:25 | rouilj | link | issue2550690 messages |
2017-03-19 17:04:24 | rouilj | create | |