eZ Publish / Platform / EZP-20579

REST login (create session resource) is not protected against CSRF attack

Details

    Description

      The create session REST resource is not protected against CSRF attacks.
      See http://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests

          People

            Unassigned
            petar.spanja-obsolete@ez.no Petar Spanja (Inactive)