Bug #4895

API should check for the presence of a CSRF token when there is a session user

Added by Eric Helms over 3 years ago. Updated over 3 years ago.

Status:Closed
Priority:Normal
Assigned To:Eric Helms
Category:API
Target version:Sprint 22
Difficulty: Bugzilla link:
Found in release: Pull request:
Story points-
Velocity based estimate-
Release1.5.0Release relationshipAuto

Related issues

Related to Foreman - Bug #4776: Accessing API does not seem to refresh cookie expiration Closed 03/21/2014
Related to Foreman - Bug #4968: API with SSO access requires some CSRF protection New 03/31/2014

Associated revisions

Revision 73f99b5c
Added by Dominic Cleal over 3 years ago

fixes #4895 - Adds CSRF protection check to the API if a session user is present

History

#1 Updated by Dominic Cleal over 3 years ago

  • Category set to API
  • Status changed from New to Ready For Testing
  • Assigned To set to Eric Helms
  • Target version set to Sprint 22

#2 Updated by Dominic Cleal over 3 years ago

  • Related to Bug #4776: Accessing API does not seem to refresh cookie expiration added

#3 Updated by Dominic Cleal over 3 years ago

  • Related to Bug #4968: API with SSO access requires some CSRF protection added

#4 Updated by Dominic Cleal over 3 years ago

  • Release set to 1.5.0

#5 Updated by Dominic Cleal over 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF