Details

    • Type: Sub-task
    • Status: To Do
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None

      Description

      With the UIs hosted through a proxy, and the potential for multiple backends, ownership of CSRF protection headers is unclear, and also impossible to pass through due to conflicts.

      We should use the front-end host to protect and proxy the CSRF protection to allow the backend to be picky about its level of CSRF protection.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              simonellistonball Simon Elliston Ball
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: