Return-Path:
[tickets:#7026] Require POST for follow/unfollow actions
Status: in-progress
Labels: activitystreams security
Created: Mon Jan 06, 2014 07:47 PM UTC by Dave Brondsema
Last Updated: Fri Jan 10, 2014 08:33 PM UTC
Owner: Cory Johns
def follow
in forgeactivity/main.py
should require POST. And templates and tests should be changed to send posts (and don't forget the csrf token).
Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.