Roundup Tracker - Issues

Message5944

Author rouilj
Recipients ber, eadler, joseph_myers, rouilj, schlatterbeck
Date 2017-03-19.17:04:24
Message-id <1489943065.8.0.450565123539.issue2550690@psf.upfronthosting.co.za>
In-reply-to
The first attempts to fix this have been pushed to the repo.

I still have to invalidate the token if it is used in a
get request so the token can't be replayed before it
times out.

However people should not be using the token in a get request.
But I also know people will. (I may even have accidently made
that mistake converting the roundup supplied trackers.)

see
https://sourceforge.net/p/roundup/code/ci/47bd81998ddc9de40f8a0f97f90b84863a21b93f/

for the final csrf patch.
History
Date User Action Args
2017-03-19 17:04:25rouiljsetmessageid: <1489943065.8.0.450565123539.issue2550690@psf.upfronthosting.co.za>
2017-03-19 17:04:25rouiljsetrecipients: + rouilj, schlatterbeck, ber, joseph_myers, eadler
2017-03-19 17:04:25rouiljlinkissue2550690 messages
2017-03-19 17:04:24rouiljcreate