-
-
Notifications
You must be signed in to change notification settings - Fork 5.3k
[Security] No CSRF in the login form? #3059
Copy link
Copy link
Closed
Labels
FormSecurityactionableClear and specific issues ready for anyone to take them.Clear and specific issues ready for anyone to take them.hasPRA Pull Request has already been submitted for this issue.A Pull Request has already been submitted for this issue.
Description
Metadata
Metadata
Assignees
Labels
FormSecurityactionableClear and specific issues ready for anyone to take them.Clear and specific issues ready for anyone to take them.hasPRA Pull Request has already been submitted for this issue.A Pull Request has already been submitted for this issue.
Type
Fields
Give feedbackNo fields configured for issues without a type.
In the login form of the documentation, there is no CSRF protection.
I think that forcing an user to login may be a security issue in some cases.
Any opinion on that?