action #1634
closed
- Target version set to Sprint 03
- Status changed from New to In Progress
Mojolicious-Plugin-CSRFProtect is a bit strange as it duplicates functionality that Mojo already provides. I.e. it reimplements the function to generate the token and stores the token as 'csrftoken' instead of using Mojo's 'csrf_token'.
- % Done changed from 0 to 30
initial CSRF protection support
- automatically add csrf_token to all forms created with form_for
- new postlink command to create links with data-method post and csrf_token
pushed to csrf branch
- % Done changed from 30 to 40
- Checklist item changed from to [x] csrf protection for forms, [x] csrf token in post links, [x] automatic csrf check for all requests != get, [x] csrf token in ajax requests, [x] client support for csrf, [ ] worker support for csrf token
- Checklist item changed from to [x] worker support for csrf token
- Checklist item changed from [x] csrf protection for forms, [x] csrf token in post links, [x] automatic csrf check for all requests != get, [x] csrf token in ajax requests, [x] client support for csrf, [x] worker support for csrf token to [x] csrf protection for forms, [x] csrf token in post links, [x] automatic csrf check for all requests != get, [x] csrf token in ajax requests, [x] client support for csrf, [x] worker support for csrf token, [ ] secure cookies, [ ] secrets
- % Done changed from 40 to 70
don't store openid in config file, compute it on startup
- Checklist item changed from to [x] secrets
- % Done changed from 70 to 80
secrets are stored in the database now
- Checklist item changed from to [x] secure cookies
- Status changed from In Progress to Resolved
- % Done changed from 80 to 100
added https redirect for login, secure cookies, hsts headers