Closed dereks closed 6 years ago
I just found this by accident:
http://seclists.org/fulldisclosure/2015/Mar/152
Realms Wiki is vulnerable to Cross-Site Request Forgery on all posts. Especially of concern are New, Edit, and Revert.
Has this security issue been fixed yet?
If not, I'm willing to fix this by implementing a "Cookie-to-Header Token" check for all pages:
https://en.wikipedia.org/wiki/Cross-site_request_forgery#Prevention
Thanks!
This is still an issue; a PR is welcome.
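A sketch of the "Cookie-to-Header Token" check proposed in the issue above, added here as an illustration; it is not code from Realms Wiki or from anyone in the thread. The cookie name, header name and function names are assumptions, and the requests in `demo()` are constructed.

```python
import hmac
import secrets

CSRF_COOKIE = "csrf_token"    # assumed cookie name
CSRF_HEADER = "X-CSRF-Token"  # assumed header name
# Assumes state-changing actions (New, Edit, Revert) are never served on these.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_token() -> str:
    """Random per-session token. The server sets it in a cookie that page
    script can read (so not HttpOnly); the script echoes it in a header."""
    return secrets.token_urlsafe(32)


def csrf_ok(method: str, cookies: dict, headers: dict) -> bool:
    """Return True if the request may proceed.

    A cross-site page makes the browser send the cookie automatically, but it
    cannot read the cookie's value, so it cannot supply the matching header.
    """
    if method.upper() in SAFE_METHODS:
        return True
    cookie_val = cookies.get(CSRF_COOKIE, "")
    # HTTP header names are case-insensitive.
    header_val = next(
        (v for k, v in headers.items() if k.lower() == CSRF_HEADER.lower()), ""
    )
    if not cookie_val or not header_val:
        return False  # reject when either half is missing
    # Constant-time comparison of the two copies of the token.
    return hmac.compare_digest(cookie_val.encode(), header_val.encode())


def demo() -> dict:
    """Run the check over constructed requests and return the verdicts."""
    token = issue_token()
    cookies = {CSRF_COOKIE: token}
    return {
        "same_origin_edit": csrf_ok("POST", cookies, {"x-csrf-token": token}),
        "cross_site_form_post": csrf_ok("POST", cookies, {}),
        "mismatched_header": csrf_ok("POST", cookies, {CSRF_HEADER: issue_token()}),
        "header_without_cookie": csrf_ok("POST", {}, {CSRF_HEADER: token}),
        "plain_read": csrf_ok("GET", cookies, {}),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'rejected'}")
```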