byteplow / idd4

my idm ui for ory hydra and kratos
Apache License 2.0

fix: invite creation is probably vulnerable to xsrf attacks #11

Open byteplow opened 2 years ago

byteplow commented 2 years ago

XSRF could achieve invite creation, and therefore register an own account.

This should not block a production deployment, as invite registration is more a legal feature, to prevent arbitrary people from being able to sign up and sue me for not complying with GDPR. They cannot do this if they first need an exploit to sign up.

byteplow commented 2 years ago

wontfix unless I need to implement something else which needs it