zydronium/google-nomulus

Fork 0

mirror of https://github.com/google/nomulus.git synced 2025-05-14 08:27:14 +02:00

Commit graph

Author	SHA1	Message	Date
guyben	da5a8796b8	Allow XSRF to be sent as POST parameter in addition to HTML header HTML headers can only be sent via JS, we need this change to allow secure POST form submission. The form itself will have a hidden "input" tag with the XSRF token in it. This is how other framework do it as well - see https://en.wikipedia.org/wiki/Cross-site_request_forgery#Synchronizer_token_pattern This is in preparation for the OT&E setup page, which will be a simple form with a "submit" button, so using JS for it is overkill. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=226178070	2018-12-20 07:46:33 -05:00

Author

SHA1

Message

Date

guyben

da5a8796b8

Allow XSRF to be sent as POST parameter in addition to HTML header

HTML headers can only be sent via JS, we need this change to allow
secure POST form submission.

The form itself will have a hidden "input" tag  with the XSRF token in it. This
is how other framework do it as well - see
https://en.wikipedia.org/wiki/Cross-site_request_forgery#Synchronizer_token_pattern

This is in preparation for the OT&E setup page, which will be a simple form
with a "submit" button, so using JS for it is overkill.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=226178070

2018-12-20 07:46:33 -05:00

1 commit