= Trac HTTP Methods =

To protect against [http://www.squarefree.com/securitytips/web-developers.html#CSRF CSRF attacks] and to adhere to the HTTP RFC rules on [http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1 Safe and Idempotent Methods],

* Check that all requests that create, modify or delete resources use the HTTP POST method.
* Use real server-side confirmation for deletion of wiki pages and attachments, instead of the JavaScript confirmation dialog.

This policy started with changeset [1701], as explained in [http://lists.edgewall.com/archive/trac/2005-August/004003.html a Christopher Lenz email].
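The two rules above, sketched as a small WSGI handler. This is an added example, not Trac's own code: the `PAGES` store, the `/wiki/<name>` paths, the `action` and `confirm` field names and the `call` helper are assumptions made for illustration.

```python
import html
import io
from urllib.parse import parse_qs

PAGES = {"SandBox": "scratch text"}  # constructed in-memory page store

FORM = ('<form method="post" action="/wiki/{0}">'
        '<input type="hidden" name="action" value="delete">'
        '<input type="submit" name="confirm" value="Delete page"></form>')

def app(environ, start_response):
    def reply(status, body="", extra=()):
        start_response(status, [("Content-Type", "text/html")] + list(extra))
        return [body.encode("utf-8")]

    method = environ["REQUEST_METHOD"]
    name = environ.get("PATH_INFO", "").rsplit("/", 1)[-1]
    if name not in PAGES:
        return reply("404 Not Found")
    if method == "GET":
        # GET never changes state: ?action=delete only renders the
        # server-side confirmation form, which submits via POST.
        query = parse_qs(environ.get("QUERY_STRING", ""))
        if query.get("action") == ["delete"]:
            return reply("200 OK", FORM.format(html.escape(name, quote=True)))
        return reply("200 OK", html.escape(PAGES[name]))
    if method == "POST":
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode("utf-8"))
        # Delete only when the confirm field from the rendered form is present.
        # (A per-session form token would also be checked here; not shown.)
        if form.get("action") == ["delete"] and "confirm" in form:
            del PAGES[name]
            return reply("303 See Other", extra=[("Location", "/wiki")])
        return reply("400 Bad Request")
    return reply("405 Method Not Allowed", extra=[("Allow", "GET, POST")])

def call(method, path, query="", body=""):
    """Drive the app with a constructed WSGI environ; return (status, body)."""
    seen = []
    data = body.encode("utf-8")
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "QUERY_STRING": query, "CONTENT_LENGTH": str(len(data)),
               "wsgi.input": io.BytesIO(data)}
    chunks = app(environ, lambda status, headers: seen.append(status))
    return seen[0], b"".join(chunks).decode("utf-8")
```

A link or image tag pointing at `/wiki/SandBox?action=delete` therefore yields only the confirmation form; the page is removed only by the POST that the form submits.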