Edgewall Software

Trac HTTP Methods

To protect against CSRF attacks and to adhere to the HTTP RFC rules on Safe and Idempotent Methods,

  • Check that all requests that create, modify or delete resources use the HTTP POST method.
  • Use real server-side confirmation for deletion of wiki pages and attachments, instead of the JavaScript confirmation dialog.

This policy started with changeset [1701], as explained in a mail on the MailingList by ChristopherLenz.

Last modified 16 years ago Last modified on Sep 4, 2005, 1:30:19 PM
Note: See TracWiki for help on using the wiki.