You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by "Robert Kowalski (JIRA)" <ji...@apache.org> on 2015/08/17 01:40:45 UTC

[jira] [Resolved] (COUCHDB-2769) Indicate when CSRF protection is active

     [ https://issues.apache.org/jira/browse/COUCHDB-2769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Kowalski resolved COUCHDB-2769.
--------------------------------------
    Resolution: Fixed

> Indicate when CSRF protection is active
> ---------------------------------------
>
>                 Key: COUCHDB-2769
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2769
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Fauxton
>            Reporter: Robert Newson
>            Assignee: Robert Kowalski
>
> Any request that was protected by CouchDB's native CSRF prevention system will return a X-CouchDB-CSRF-Valid response header with value "true".
> Indicate on every screen whether this happens or not. Doesn't have to be prominent but should always be present (indicating protected vs not protected clearly).
> Suggestion is the phrase "CSRF protected" appears in green vs "CSRF vulnerable" in red somewhere in the bottom left where Logout and logo live.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)