Open gitblit opened 9 years ago
Ugh. This one is my least favorite. Not sure how best to tackle it.
Thanks for taking the time to audit Gitblit.
Reported by James.Moger
on 2014-09-05 23:23:23
Authorization check before execution might help
Reported by srbala
on 2014-09-09 13:04:01
Can you send a single use csrf token across as a parameter of the delete link? Which
would be checked against the csrf value set in the session when the link was rendered
for a user.
Reported by 1988porsche944
on 2014-09-12 09:42:24
I can do that for now. Long-term Gitblit is trying to go stateless (& session-less)
as much as possible so eventually a different strategy will need to be employed.
Reported by James.Moger
on 2014-09-12 13:29:38
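The two approaches discussed above, the session-bound single-use token proposed for the delete link and the stateless alternative needed once sessions go away, written out as an added Python example. This is not Gitblit's code (Gitblit is a Java/Wicket project) and every name in it (the `Session` stand-in, the `/delete` URL, the parameter names, the server key) is an assumption made here for illustration.

```python
"""Two CSRF-token strategies for a state-changing link such as a
"delete repository" link.  Both bind the token to the user for whom the
link was rendered: a cross-site page cannot read that user's page, so it
cannot supply a valid token.  All names here are assumptions, not Gitblit's."""
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


# ---------------------------------------------------------------------------
# Strategy 1: single-use token stored in the server-side session
# (the approach proposed in the thread).
# ---------------------------------------------------------------------------
class Session:
    """Minimal stand-in for a server-side session object (assumed)."""

    def __init__(self, user):
        self.user = user
        # Outstanding tokens for links rendered in this session.  A real
        # implementation should also expire or cap these so the set does
        # not grow without bound.
        self.csrf_tokens = set()


def render_delete_link(session, repo):
    """Mint a fresh random token when the link is rendered and remember it."""
    token = secrets.token_urlsafe(32)
    session.csrf_tokens.add(token)
    return "/delete?" + urlencode({"repo": repo, "csrf": token})


def handle_delete_stateful(session, url, deleted):
    """Server side of the link: accept the token exactly once, then forget it."""
    params = parse_qs(urlsplit(url).query)
    token = params.get("csrf", [""])[0]
    repo = params.get("repo", [""])[0]
    if token not in session.csrf_tokens:
        return False  # missing, forged, or already used: reject
    session.csrf_tokens.discard(token)  # single use
    deleted.append(repo)  # stands in for the actual repository deletion
    return True


# ---------------------------------------------------------------------------
# Strategy 2: stateless token, an HMAC over (authenticated user, expiry),
# for a server that wants to drop sessions.  Verification needs only the
# server key.  Caveat: without server state a token cannot be single-use,
# so its lifetime is bounded by the expiry instead.
# ---------------------------------------------------------------------------
def make_stateless_token(server_key, user, now, ttl=300):
    """Token = "<expiry>.<hex HMAC-SHA256(key, user:expiry)>"."""
    expiry = int(now) + ttl
    mac = hmac.new(server_key, f"{user}:{expiry}".encode(), hashlib.sha256).hexdigest()
    return f"{expiry}.{mac}"


def verify_stateless_token(server_key, user, token, now):
    """`user` must come from the request's authenticated identity (e.g. the
    auth cookie or header), never from the URL the attacker controls."""
    try:
        expiry_str, mac = token.split(".", 1)
        expiry = int(expiry_str)
    except ValueError:
        return False  # malformed token
    if now > expiry:
        return False  # expired
    expected = hmac.new(server_key, f"{user}:{expiry}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(mac, expected)


if __name__ == "__main__":
    # Constructed walkthrough: legitimate click succeeds, replay and a
    # cross-site guess both fail.
    session, deleted = Session("alice"), []
    link = render_delete_link(session, "demo-repo")
    print("legit click :", handle_delete_stateful(session, link, deleted))
    print("replay      :", handle_delete_stateful(session, link, deleted))
    print("forged link :", handle_delete_stateful(session, "/delete?repo=demo-repo&csrf=guess", deleted))
    key = secrets.token_bytes(32)
    tok = make_stateless_token(key, "alice", now=1000)
    print("stateless ok:", verify_stateless_token(key, "alice", tok, now=1100))
    print("wrong user  :", verify_stateless_token(key, "bob", tok, now=1100))
```

The stateful variant gives exactly the property asked for in the thread (each rendered link works once), at the cost of per-session storage. The stateless variant drops the storage but can only bound replay by expiry; whichever is used, a delete should still be preceded by an authorization check on the acting user, and the token only stops a third-party site from triggering it.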
Originally reported on Google Code with ID 499
Reported by 1988porsche944
on 2014-09-05 13:47:27