You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@allura.apache.org by Igor Bondarenko <je...@gmail.com> on 2015/07/22 17:54:06 UTC

[allura:tickets] Re: Ticket 7685 discussion

I think so. This definitely feels like more than 2.


---

** [tickets:#7685] Subscribe/unsubscribe action should use POST**

**Status:** closed
**Milestone:** unreleased
**Labels:** 42cc sf-current sf-2 
**Created:** Tue Sep 16, 2014 05:35 AM UTC by Igor Bondarenko
**Last Updated:** Wed Jul 22, 2015 03:52 PM UTC
**Owner:** Igor Bondarenko


Currently all of subscribe/unsubscribe buttons (in the topbar of any tool's page and in the wiki sidebar) are using GET to make an action. Their should require POST to avoid CSRF.

See also discussion at [#4905]


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.