From: "Cory Johns"
To: allura-dev@incubator.apache.org
Subject: [allura:tickets] #7026 Require POST for follow/unfollow actions
Date: Mon, 13 Jan 2014 20:00:50 +0000

  • status: open --> in-progress
  • assigned_to: Cory Johns

[tickets:#7026] Require POST for follow/unfollow actions

Status: in-progress
Labels: activitystreams security
Created: Mon Jan 06, 2014 07:47 PM UTC by Dave Brondsema
Last Updated: Fri Jan 10, 2014 08:33 PM UTC
Owner: Cory Johns

`def follow` in `forgeactivity/main.py` should require POST. And templates and tests should be changed to send posts (and don't forget the csrf token).

