OF-777 CVE-2015-6973 CSRF protection (partial)
Extending the previous commit, this adds CSRF to a number of high-value target pages, including user password changing, dleetion, lockout, etc, and also for the login page (to avoid a class of attack we probably don't care about). The CSRF mechanism requires manual addition to each form, but has been design reviewed by Simon Waters (Surevine Ltd).
Showing
Please register or sign in to comment