Posted to notifications@couchdb.apache.org by "Robert Newson (JIRA)" <ji...@apache.org> on 2015/08/05 15:37:04 UTC
[jira] [Created] (COUCHDB-2769) Indicate when CSRF protection is active
Robert Newson created COUCHDB-2769:
--------------------------------------
Summary: Indicate when CSRF protection is active
Key: COUCHDB-2769
URL: https://issues.apache.org/jira/browse/COUCHDB-2769
Project: CouchDB
Issue Type: Improvement
Security Level: public (Regular issues)
Reporter: Robert Newson
Any request that was protected by CouchDB's native CSRF prevention system will return an X-CouchDB-CSRF-Valid response header with value "true".
Indicate on every screen whether this happens or not. Doesn't have to be prominent but should always be present (indicating protected vs not protected clearly).
Suggestion is that the phrase "CSRF protected" appears in green vs "CSRF vulnerable" in red somewhere in the bottom left where Logout and logo live.