Return-Path: 
 <allura-dev-return-2917-apmail-incubator-allura-dev-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-allura-dev-archive@minotaur.apache.org
Delivered-To: apmail-incubator-allura-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1A7F210E21
	for <apmail-incubator-allura-dev-archive@minotaur.apache.org>;
 Tue, 17 Dec 2013 22:06:04 +0000 (UTC)
Received: (qmail 73232 invoked by uid 500); 17 Dec 2013 22:06:04 -0000
Delivered-To: apmail-incubator-allura-dev-archive@incubator.apache.org
Received: (qmail 73219 invoked by uid 500); 17 Dec 2013 22:06:04 -0000
Mailing-List: contact allura-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:allura-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:allura-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:allura-dev@incubator.apache.org>
List-Id: <allura-dev.incubator.apache.org>
Reply-To: allura-dev@incubator.apache.org
Delivered-To: mailing list allura-dev@incubator.apache.org
Received: (qmail 73211 invoked by uid 99); 17 Dec 2013 22:06:04 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Dec 2013 22:06:04 +0000
X-ASF-Spam-Status: No, hits=-0.1 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of noreply@sourceforge.net
 designates 216.34.181.60 as permitted sender)
Received: from [216.34.181.60] (HELO smtp.ch3.sourceforge.com) (216.34.181.60)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Dec 2013 22:05:59 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.com; s=x;
	h=Date:References:In-Reply-To:Message-ID:Subject:Reply-To:From:To:MIME-Version:Content-Type;
 bh=ZTIYhZx7BPTybe/UBFJY26kVUIHIYLrnlQWZHys5ldM=;
	b=O7CQOMLTx8YHKf3A4BTFgc2l3ymcWcaJy2IOt32hZlN347Ly+ZmMmxZlV7bDhOMstxtJGiUoybwpC5CWrZuROGXh4/16T2R6c6/ngtSVX6k0XEn8hrY26GNRMUKdIGjDzv9YtiCEiDyLp+xi4KjQL65E3oKLDquldPC/Ms2kgFc=;
Received: from localhost ([127.0.0.1]
 helo=sfs-alluradaemon-3.v29.ch3.sourceforge.com)
	by sfs-alluradaemon-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <noreply@sourceforge.net>)
	id 1Vt2ln-0001cL-2N
	for allura-dev@incubator.apache.org; Tue, 17 Dec 2013 22:05:39 +0000
Content-Type: multipart/related;
 boundary="===============3737741041694292506=="
MIME-Version: 1.0
To: allura-dev@incubator.apache.org
From: "Cory Johns" <masterbunnyfu@users.sf.net>
Reply-To: "[allura:tickets] " <6983@tickets.allura.p.re.sf.net>
Subject: [allura:tickets] #6983 Add CSRF token to OAuth forms
Message-ID: 
 </p/allura/tickets/6983/546e2767f15796e8177b764b17ddb34b90e7397a.tickets@allura.p.sourceforge.net>
In-Reply-To: <52aa3021a02bb102b5e9c0f8.tickets@allura.p.sourceforge.net>
References: <52aa3021a02bb102b5e9c0f8.tickets@allura.p.sourceforge.net>
Date: Tue, 17 Dec 2013 22:05:39 +0000
X-Virus-Checked: Checked by ClamAV on apache.org

--===============3737741041694292506==
Content-Type: multipart/alternative;
 boundary="===============5432081574104325771=="
MIME-Version: 1.0

--===============5432081574104325771==
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

- **status**: code-review --> closed



---

** [tickets:#6983] Add CSRF token to OAuth forms**

**Status:** closed
**Created:** Thu Dec 12, 2013 09:52 PM UTC by Cory Johns
**Last Updated:** Tue Dec 17, 2013 10:02 PM UTC
**Owner:** Dave Brondsema

Recent change to make CSRF not rely on javascript, the OAuth forms are now broken as they are missing the field.


---

Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
--===============5432081574104325771==
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

<div class="markdown_content"><ul>
<li><strong>status</strong>: code-review --&gt; closed</li>
</ul>
<hr />
<p><strong> <a class="alink" href="http://sourceforge.net/p/allura/tickets/6983/">[tickets:#6983]</a> Add CSRF token to OAuth forms</strong></p>
<p><strong>Status:</strong> closed<br />
<strong>Created:</strong> Thu Dec 12, 2013 09:52 PM UTC by Cory Johns<br />
<strong>Last Updated:</strong> Tue Dec 17, 2013 10:02 PM UTC<br />
<strong>Owner:</strong> Dave Brondsema</p>
<p>Recent change to make CSRF not rely on javascript, the OAuth forms are now broken as they are missing the field.</p>
<hr />
<p>Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed to <a href="https://sourceforge.net/p/allura/tickets/">https://sourceforge.net/p/allura/tickets/</a></p>
<p>To unsubscribe from further messages, a project admin can change settings at <a href="https://sourceforge.net/p/allura/admin/tickets/options.">https://sourceforge.net/p/allura/admin/tickets/options.</a>  Or, if this is a mailing list, you can unsubscribe from the mailing list.</p></div>
--===============5432081574104325771==--

--===============3737741041694292506==--