You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by "Robert Newson (JIRA)" <ji...@apache.org> on 2015/09/07 12:27:46 UTC

[jira] [Resolved] (COUCHDB-2797) Apply CSRF protection only to form submissions

     [ https://issues.apache.org/jira/browse/COUCHDB-2797?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Newson resolved COUCHDB-2797.
------------------------------------
       Resolution: Fixed
    Fix Version/s: 2.0.0

> Apply CSRF protection only to form submissions
> ----------------------------------------------
>
>                 Key: COUCHDB-2797
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2797
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>            Reporter: Robert Newson
>             Fix For: 2.0.0
>
>
> The new CSRF double-submit protection should be applied to form submissions, not all requests. XHR requests, in particular, are not vulnerable to CSRF, so we should skip the check there, saving middleware and other tools the effort of supporting this feature.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)