Mercurial > kallithea
comparison docs/installation.rst @ 7701:9c2fc1390291
tests: prepare for adding CSRF protection on login forms
CSRF is about avoiding abuse of credentials by doing things in existing
sessions. The login form does not have any previous credentials, so there is
nothing to abuse and no real need for CSRF protection. But there is still an
unauth session, so we *can* have CSRF protection.
CSRF protection is currently in LoginRequired (which obviously isn't
applied to the login form), but let's prepare for changing that.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Fri, 04 Jan 2019 03:42:17 +0100 |
parents | 19af3fef3b34 |
children | 3a3d96dbd445 |
comparison
equal
deleted
inserted
replaced
7700:ffdcf0dfe0e4 | 7701:9c2fc1390291 |
---|