Fisheye: changeset oacs-5-10:gustafn:20231123120728

gustafn

committed

oacs-5-10:gustafn:20231123120728

on 23 Nov 23

Do not pass the __csrf_token via return_url when the user is not logged-in

Passing the token seems to cause problems with web vulnerability… Show more

Do not pass the __csrf_token via return_url when the user is not logged-in

Passing the token seems to cause problems with web vulnerability scanners, that poison

the token value. The value of passing the token value for unregistered users

is questionable.

If this change is kept, it should go as well to the openacs-bootstral3.theme.

Show less

oacs-5-10:antoniop:20231123114517

oacs-5-10

Options