Commit [r4254]

Improvements to the CSRF protection:

* Only pass the body of `POST` requests to `cgi.FieldStorage` if the request content type corresponds to a form submission.
* Only require the form token for `POST` requests with a content type corresponding to a form submission, fixing XML-RPC (#4122) etc. in a more generic fashion (compared to [4243]).
* The form token cookie is no longer persistent; it is now deleted when the browser session is closed/reset.

cmlenz 2006-11-13

changed /trunk/trac/web/api.py
changed /trunk/trac/web/main.py
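As an added illustration of the three changes in the commit message (not Trac's own code from `api.py`/`main.py`, which this page does not show), the gate below decides from the request method and `Content-Type` whether a request is a browser form submission, parses the body and requires the form token only in that case, and emits the token cookie without an expiry so it lives only for the browser session. The cookie name `trac_form_token` and hidden field `__FORM_TOKEN` are assumed for the example; only the `application/x-www-form-urlencoded` case is parsed here, `multipart/form-data` would pass the same gate into a multipart parser.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Content types a browser sends from an HTML <form>; anything else (text/xml for
# XML-RPC, application/json, ...) cannot be produced by a cross-site form post.
FORM_CONTENT_TYPES = ("application/x-www-form-urlencoded", "multipart/form-data")

def is_form_submission(method, content_type):
    """True only for a POST whose base Content-Type (parameters such as
    charset or boundary stripped) is one of the HTML form encodings."""
    if method != "POST" or not content_type:
        return False
    base = content_type.split(";", 1)[0].strip().lower()
    return base in FORM_CONTENT_TYPES

def check_form_token(method, content_type, cookies, body):
    """Return (ok, reason). The body is parsed, and the token required, only
    for form submissions; non-form POSTs such as XML-RPC pass through."""
    if not is_form_submission(method, content_type):
        return True, "not a form submission; token not required"
    expected = cookies.get("trac_form_token")        # assumed cookie name
    # Only a form submission reaches the body parser (urlencoded case shown).
    fields = parse_qs(body) if "urlencoded" in content_type else {}
    submitted = fields.get("__FORM_TOKEN", [None])[0]  # assumed field name
    if not expected or submitted is None:
        return False, "missing form token"
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False, "form token mismatch"
    return True, "form token ok"

def new_form_token():
    """Fresh random token; stored in the cookie and echoed in each form."""
    return secrets.token_hex(16)

def form_token_set_cookie(token):
    """Set-Cookie value for the token. No Expires/Max-Age attribute makes it
    a session cookie: the browser discards it when the session is closed."""
    return f"trac_form_token={token}; Path=/"

if __name__ == "__main__":
    tok = new_form_token()
    jar = {"trac_form_token": tok}
    print(check_form_token("POST", "text/xml", {}, "<methodCall/>"))
    print(check_form_token("POST", "application/x-www-form-urlencoded",
                           jar, f"__FORM_TOKEN={tok}&summary=x"))
    print(check_form_token("POST", "application/x-www-form-urlencoded",
                           jar, "summary=x"))
```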