#3796: remove _csrf_token from display URLs
-------------------------+------------------------------
Reporter: till | Owner: webmaster
Type: enhancement | Status: new
Priority: major | Milestone: HANDWAVY-FUTURE
Component: Web Content | Version:
Severity: Normal | Resolution:
Keywords: EasyFix | Blocked By:
Blocking: | Sensitive: 0
-------------------------+------------------------------
Comment (by docent):
Hmm, do you think that the JavaScript method is a good solution? It looks
like a workaround rather than a solid solution. Read this:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Disclosure_of_Token_in_URL
If so, I could take this ticket so I will be able to go through all those
webapps and learn them a little.
--
Ticket URL: <https://fedorahosted.org/fedora-infrastructure/ticket/3796#comment:3>
Fedora Infrastructure <http://fedoraproject.org/wiki/Infrastructure>
Fedora Infrastructure Project for Bugs, feature requests and access to our source code.