Uploaded image for project: 'CouchDB'
  1. CouchDB
  2. COUCHDB-1102

Open to CSRF

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Duplicate
    • None
    • None
    • HTTP Interface
    • None
    • Dont Know

    Description

      Currently there is no CSRF prevention in either Futon or the HTTP API.

      Discussion from the dev mailing list: http://mail-archives.apache.org/mod_mbox/couchdb-dev/201103.mbox/%3C20110321225441.GV22458@orbital%3E

      The proposal to resolve: https://gist.github.com/817490

      Adding this ticket to track progress.

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. COUCHDB-2762 Add CSRF protection

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              sbisbee Sam Bisbee
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: