Ticket #1831 (new defect)

Opened 12 years ago

Last modified 11 years ago

Check that a POST comes from the same server

Reported by: madarche Owned by: madarche
Priority: P3 Milestone: CPS 3.5.7
Component: CPS (global) Version: TRUNK
Severity: major Keywords: security XSS
Cc:

Description

http://www.sencer.de/article/122/securing-forms-with-post-is-not-enough

We should automatically add a cryptographic nonce (formkey) to the forms we generate, to prevent this.

This ticket is related to #630.
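The following is an added illustration of the formkey approach proposed in this ticket; it is not code from CPS or from the reporter. It assumes a per-user session identifier (hypothetical `session_id`) is available to the request handler and that a server-side secret is loaded from configuration (a constructed value is used here). The formkey is an HMAC over the session id and an issue timestamp, so it cannot be forged without the secret, reused in another session, or replayed after it expires. It also carries a secondary Origin/Referer check matching the ticket title, which rejects a POST whose browser-supplied origin names another host; when neither header is present the decision is left to the formkey alone.

```python
"""Per-form anti-CSRF "formkey" for server-generated forms (added example)."""
import hashlib
import hmac
import secrets
import time
from typing import Optional
from urllib.parse import urlparse

# Constructed secret for this example; a deployment loads it from config.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"
FORMKEY_TTL = 3600  # seconds a formkey stays valid after it is issued


def make_formkey(session_id: str, now: Optional[int] = None) -> str:
    """Return "<timestamp>:<hex HMAC>" bound to the session and issue time."""
    ts = int(time.time()) if now is None else now
    msg = f"{session_id}:{ts}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"


def check_formkey(session_id: str, formkey: Optional[str],
                  now: Optional[int] = None) -> bool:
    """Accept only a well-formed, unexpired key computed for this session."""
    if not formkey or ":" not in formkey:
        return False
    ts_str, _mac = formkey.split(":", 1)
    if not ts_str.isdigit():
        return False
    ts = int(ts_str)
    current = int(time.time()) if now is None else now
    if ts > current or current - ts > FORMKEY_TTL:
        return False
    expected = make_formkey(session_id, ts)
    # Constant-time comparison so a forger learns nothing from timing.
    return hmac.compare_digest(expected, formkey)


def same_origin(headers: dict, site_host: str) -> bool:
    """Secondary check: if Origin (or Referer) is sent, it must name our host.

    A missing header gives no evidence either way, so it is not rejected
    here; the formkey check above remains the primary defence.
    """
    origin = headers.get("Origin") or headers.get("Referer")
    if origin is None:
        return True
    return urlparse(origin).hostname == site_host


def render_form(session_id: str, action: str) -> str:
    """Embed a fresh formkey in every generated form."""
    key = make_formkey(session_id)
    return (f'<form method="post" action="{action}">'
            f'<input type="hidden" name="formkey" value="{key}">'
            '<input type="submit"></form>')


def handle_post(session_id: str, form_fields: dict, headers: dict,
                site_host: str = "cps.example",
                now: Optional[int] = None) -> str:
    """Decide whether a state-changing POST may proceed."""
    if not same_origin(headers, site_host):
        return "403 cross-site origin"
    if not check_formkey(session_id, form_fields.get("formkey"), now):
        return "403 missing or invalid formkey"
    return "200 ok"


if __name__ == "__main__":
    sid = secrets.token_hex(8)  # stand-in for the application's session id
    print(render_form(sid, "/folder/delete"))
    key = make_formkey(sid)
    print(handle_post(sid, {"formkey": key}, {"Origin": "https://cps.example"}))
    print(handle_post(sid, {}, {"Origin": "https://cps.example"}))
```

The secret must be stable across server restarts (and shared between workers) or every open form becomes invalid; the TTL bounds how long a leaked key is useful, and binding to the session id means a key harvested from one user's page is worthless in another session.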

Change History

comment:1 Changed 12 years ago by madarche

  • Priority changed from P2 to P3

comment:2 Changed 11 years ago by madarche

  • Milestone changed from CPS 3.4.7 to CPS 3.5.0