Edgewall Software

Changes between Initial Version and Version 1 of TracDev/HttpMethods


Ignore:
Timestamp:
Aug 5, 2005, 4:51:52 PM (14 years ago)
Author:
jeoffwilks@…
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • TracDev/HttpMethods

    v1 v1  
     1= Trac HTTP Methods =
     2
     3To protect against [http://www.squarefree.com/securitytips/web-developers.html#CSRF CSRF attacks] and to adhere to the HTTP RFC rules on [http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1 Safe and Idempotent Methods],
     4
     5 * Check that all requests that create, modify or delete resources use the HTTP POST method.
     6 * Use real server-side confirmation for deletion of wiki pages and attachments, instead of the JavaScript confirmation dialog.
     7
     8This policy started with changeset [1701], as explained in [http://lists.edgewall.com/archive/trac/2005-August/004003.html a Christopher Lenz email].
     9
     10