Posted to notifications@couchdb.apache.org by "Robert Newson (JIRA)" <ji...@apache.org> on 2015/08/05 15:37:04 UTC

[jira] [Created] (COUCHDB-2769) Indicate when CSRF protection is active

Robert Newson created COUCHDB-2769:
--------------------------------------

             Summary: Indicate when CSRF protection is active
                 Key: COUCHDB-2769
                 URL: https://issues.apache.org/jira/browse/COUCHDB-2769
             Project: CouchDB
          Issue Type: Improvement
      Security Level: public (Regular issues)
            Reporter: Robert Newson


Any request that was protected by CouchDB's native CSRF prevention system will return an X-CouchDB-CSRF-Valid response header with value "true".

Indicate on every screen whether this happens or not. Doesn't have to be prominent but should always be present (indicating protected vs not protected clearly).

Suggestion is the phrase "CSRF protected" appears in green vs "CSRF vulnerable" in red somewhere in the bottom left where Logout and logo live.



