inveniosoftware/invenio-rest
REST API support for Invenio.
https://invenio-rest.readthedocs.io
MIT License
csrf: improve validation #137
Closed
jrcastro2 closed 3 months ago
jrcastro2 commented 4 months ago
https://github.com/inveniosoftware/invenio-rest/issues/132
With this PR the behaviour changes in the following way:
Wrong method returns 405 (before it was returning 400 - Referer checking failed - no Referer.)
Wrong method with wrong token returns wrong token (before it was returning 400 - Referer checking failed - no Referer.)
If no token is set, nothing is checked (before it was returning 400 - Referer checking failed - no Referer.)