Project

General

Profile

Bug #4895

API should check for the presence of a CSRF token when there is a session user

Added by Eric Helms about 5 years ago. Updated 11 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
API
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Related issues

Related to Foreman - Bug #4776: Accessing API does not seem to refresh cookie expirationClosed2014-03-21
Related to Foreman - Bug #4968: API with SSO access requires some CSRF protectionNew2014-03-31

Associated revisions

Revision 73f99b5c (diff)
Added by Dominic Cleal about 5 years ago

fixes #4895 - Adds CSRF protection check to the API if a session user is present

History

#1 Updated by Dominic Cleal about 5 years ago

  • Category set to API
  • Status changed from New to Ready For Testing
  • Assignee set to Eric Helms
  • Target version set to 1.8.4

#2 Updated by Dominic Cleal about 5 years ago

  • Related to Bug #4776: Accessing API does not seem to refresh cookie expiration added

#3 Updated by Dominic Cleal about 5 years ago

  • Related to Bug #4968: API with SSO access requires some CSRF protection added

#4 Updated by Dominic Cleal about 5 years ago

  • Legacy Backlogs Release (now unused) set to 4

#5 Updated by Dominic Cleal about 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF