luccioman cde237b687 Enforced access controls on some administrative actions. ...

- ensure use of HTTP POST method : HTTP GET should only be used for
information retrieval and not to perform server side effect operations
(see HTTP standard https://tools.ietf.org/html/rfc7231#section-4.2.1)
 - a transaction token is now required for these administrative form
submissions to ensure the request can not be included in an external
site and performed silently/by mistake by the user browser

2017-03-26 11:48:00 +02:00

6.8 KiB

Raw Permalink Blame History

View Raw