git.stricted.de - GitHub/WoltLab/WCF.git/commit

projects / GitHub / WoltLab / WCF.git / commit

author	Alexander Ebert <ebert@woltlab.com>
	Mon, 14 Nov 2022 18:28:47 +0000 (19:28 +0100)
committer	Alexander Ebert <ebert@woltlab.com>
	Mon, 14 Nov 2022 18:28:47 +0000 (19:28 +0100)
commit	125198bcfbe87484021535a5bc3e100be1bd5e13
tree	c9f4fc2f4b89de19f9df3883ea1354a6f16ebc63	tree \| snapshot (tar.gz zip)
parent	3110f7464a2812359dbf2d29d32140d6cb0217fa	commit \| diff

Reject requests for `RquestHandlerInterface` implementations without a valid XSRF token

GET and HEAD requests are always exempt from the validation, because these are by definition safe actions (*).

(*) Legacy implementations violated this principle, but this is a bad practice and is frowned upon in new PSR implementation.

wcfsetup/install/files/lib/http/middleware/Xsrf.class.php

diff | blob | blame | history

WoltLab Suite Core (previously WoltLab Community Framework)

RSS Atom