Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Duplicate
-
None
-
None
-
None
-
Dont Know
Description
Currently there is no CSRF prevention in either Futon or the HTTP API.
Discussion from the dev mailing list: http://mail-archives.apache.org/mod_mbox/couchdb-dev/201103.mbox/%3C20110321225441.GV22458@orbital%3E
The proposal to resolve: https://gist.github.com/817490
Adding this ticket to track progress.
Attachments
Issue Links
- duplicates
-
COUCHDB-2762 Add CSRF protection
- Resolved