yacy_search_server

Commit Graph

Author	SHA1	Message	Date
luccioman	cde237b687	Enforced access controls on some administrative actions. - ensure use of HTTP POST method : HTTP GET should only be used for information retrieval and not to perform server side effect operations (see HTTP standard https://tools.ietf.org/html/rfc7231#section-4.2.1) - a transaction token is now required for these administrative form submissions to ensure the request can not be included in an external site and performed silently/by mistake by the user browser	8 years ago

Author

SHA1

Message

Date

luccioman

cde237b687

Enforced access controls on some administrative actions.

- ensure use of HTTP POST method : HTTP GET should only be used for
information retrieval and not to perform server side effect operations
(see HTTP standard https://tools.ietf.org/html/rfc7231#section-4.2.1)
 - a transaction token is now required for these administrative form
submissions to ensure the request can not be included in an external
site and performed silently/by mistake by the user browser

1 Commits (8a4ea1c11ec8cb1b49ea5ec55195c5ad2d9f9d47)