Bug #5271

Add xsrf code to core

Added by Jan Klopper over 7 years ago.

Status: New
Priority: Normal
Assignee: -
Category: PageMaker
Target version: -
Start date: 2017-08-17
Due date:
% Done: 0%
Estimated time:

Description

We should have the core set and check for xsrf tokens.

An xsrf property on the pagemaker should return the current xsrf token and set a cookie holding it.
On non-GET requests the pagemaker should then set an invalid_xsrf flag if there's no post field containing the same xsrf token as the previous property returns.
This flag can then be used to empty the post data and show an error page through a decorator or even in the user's init.
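
A sketch of the flow described in this issue, added here as an illustration and not taken from the project's code base. The `PageMaker` class below is a hypothetical stand-in for the real handler, and the cookie and field name `xsrf`, the `checkxsrf` decorator and the `save_profile` handler are assumptions.

```python
import hmac
import secrets
from functools import wraps

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


class PageMaker:
    """Hypothetical stand-in for a request handler, not the project's class."""

    def __init__(self, method, cookies=None, post=None):
        self.method = method.upper()
        self.cookies = dict(cookies or {})   # cookies sent by the browser
        self.post = dict(post or {})         # parsed form fields
        self.set_cookies = {}                # cookies to send in the response
        self._xsrf = None
        # Anything that is not a safe method must carry a matching token.
        self.invalid_xsrf = (self.method not in SAFE_METHODS
                             and not self._token_matches())

    @property
    def xsrf(self):
        """Return the current token, issuing it as a cookie when absent."""
        if self._xsrf is None:
            self._xsrf = self.cookies.get("xsrf") or secrets.token_urlsafe(32)
            if self.cookies.get("xsrf") != self._xsrf:
                self.set_cookies["xsrf"] = self._xsrf
        return self._xsrf

    def _token_matches(self):
        submitted = self.post.get("xsrf", "")
        # Constant-time comparison; a missing field never matches.
        return bool(submitted) and hmac.compare_digest(
            submitted.encode(), self.xsrf.encode())


def checkxsrf(handler):
    """Decorator: drop the post data and show an error page on a bad token."""
    @wraps(handler)
    def wrapper(self, *args, **kwargs):
        if self.invalid_xsrf:
            self.post = {}
            return "403 Forbidden: invalid XSRF token"
        return handler(self, *args, **kwargs)
    return wrapper


@checkxsrf
def save_profile(page):
    return "saved " + page.post["name"]
```

A POST that arrives without the cookie is always flagged, because the property issues a fresh token that no submitted field can match.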
