Details
-
Bug
-
Resolution: Duplicate
-
Critical
-
None
-
None
-
None
Description
For the HTTP interface we need some form of cross site request forgery protection to cover scenarios where an administrator has already authenticated against AS so the web browser has cached credentials - we need to prevent malicious requests from the same web browser.
Attachments
Issue Links
- duplicates
-
AS7-2400 Prevention of CSRF reqeusts being accepted and disabling cross-origin resource sharing for the HTTP interface
- Resolved