Changes between Initial Version and Version 1 of Ticket #3360, comment 30
Timestamp: Feb 24, 2012, 7:47:39 AM
Ticket #3360, comment 30
Comment text as of version 1 (the "Edit:" paragraph was added in this version):

> Just one doubt: do you use a `GET` request to save the preferences? This opens the door to XSRF attacks. Normally, all mutating operations must use `POST` requests, and must include the `__FORM_TOKEN`. The token should be available in !JavaScript in the global variable `form_token`, and can be passed with the request.

Right, thanks. Does [changeset:f9bee83cd0b4/psuter this] look ok?

Edit: Oops, I forgot to require `POST` requests. Added [changeset:3d7582dbc576/psuter here]. ([http://trac.edgewall.org/changeset/3d7582dbc576bdc783946da7bce25b0036b25496/psuter?old=8a0274183119696ebb760692d58b1e3d080668e2#file1 Full diff])