summaryrefslogtreecommitdiff
path: root/web-ui/config/package.sh
diff options
context:
space:
mode:
authorNavaL <ayoyo@thoughtworks.com>2016-02-24 16:33:20 +0100
committerNavaL <mnandri@thoughtworks.com>2016-02-25 09:17:53 +0100
commit9573bdca55ddc5488066d3af525e41ed1d872ea6 (patch)
tree228ca246c306bd44faa37c01e52c6d7aefec1531 /web-ui/config/package.sh
parentb79035b83e81e4fd654b587426083c6033e695ad (diff)
Backend and frontend protection against csrf attacks:
- root resources changes the csrf token cookie everytime it is loaded, in particular during the intestitial load during login - it will also add that cookie on single user mode - initialize will still load all resources - but they you cant access them if the csrf token do not match - all ajax calls needs to add the token to the header - non ajax get requests do not need xsrf token validation - non ajax post will have to send the token in as a form input or in the content Issue #612
Diffstat (limited to 'web-ui/config/package.sh')
0 files changed, 0 insertions, 0 deletions