Add XSRF protection for POST requests
Oct 20, 2016, 2:11 PM
2P35LNRY3ZWGLARBNWLQEW2QPS3CTK4Z677ZZYFX4GLVNLUONYBAC
Dependencies
- [2] LZVO64YG Merge in the first bits of the API work
- [*] J5UVLXOK * Start of a basic Catalyst web interface.
Change contents
- edit in src/lib/Hydra/Controller/Root.pm at line 63
# XSRF protection: require POST requests to have the same origin.if ($c->req->method eq "POST") {my $referer = $c->req->header('Origin');$referer //= $c->req->header('Referer');my $base = $c->req->base;error($c, "POST requests should come from ‘$base’")unless defined $referer && $referer eq $base;}
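Review bot: The exact string comparison in `unless defined $referer && $referer eq $base` is too strict for either header this check reads. `Referer` carries the full URL of the referring page, path included, so it equals `$base` only when the form was submitted from the base URL itself. `Origin` is scheme, host and port with no path, so it will not match if `$base` stringifies with a trailing slash. Consider comparing only scheme, host and port of the parsed values, or normalizing the trailing slash and checking that the header value starts with `$base`. Two further points on the same condition: a POST that carries neither header (a script or API client, or a browser configured to strip `Referer`) is rejected by the `defined $referer` test, which is worth stating in the comment if intended; and since `$referer` may hold the `Origin` value, a name such as `$origin` would read more accurately.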