You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@couchdb.apache.org by "Alexander Shorin (JIRA)" <ji...@apache.org> on 2014/11/25 19:55:12 UTC

[jira] [Commented] (COUCHDB-1102) Open to CSRF

    [ https://issues.apache.org/jira/browse/COUCHDB-1102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14224994#comment-14224994 ] 

Alexander Shorin commented on COUCHDB-1102:
-------------------------------------------

Reopen since this affects not only Futon.

> Open to CSRF
> ------------
>
>                 Key: COUCHDB-1102
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1102
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>            Reporter: Sam Bisbee
>            Priority: Critical
>
> Currently there is no CSRF prevention in either Futon or the HTTP API.
> Discussion from the dev mailing list: http://mail-archives.apache.org/mod_mbox/couchdb-dev/201103.mbox/%3C20110321225441.GV22458@orbital%3E
> The proposal to resolve: https://gist.github.com/817490
> Adding this ticket to track progress.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)