• Dave Cridland's avatar
    OF-777 CVE-2015-6973 CSRF protection (partial) · 3a6976f0
    Dave Cridland authored
    Extending the previous commit, this adds CSRF to a number of high-value target
    pages, including user password changing, dleetion, lockout, etc, and also for
    the login page (to avoid a class of attack we probably don't care about).
    
    The CSRF mechanism requires manual addition to each form, but has been
    design reviewed by Simon Waters (Surevine Ltd).
    3a6976f0
Name
Last commit
Last update
..
admin Loading commit data...
database Loading commit data...
openfire Loading commit data...
util Loading commit data...