[rt-users] Creating Search Results Bookmark w/o CSRF Warning

Chris Hiestand chiestand at salk.edu
Thu May 24 17:51:49 EDT 2012


My normal method of creating a search result bookmark is to create the search and then copy the URL for the "Show Results" menu item. This gives me a URL with search parameters I can bookmark in my browser (I'm not discussing internal RT bookmarks here).

Under the latest RT with CSRF protections (3.8.12 in my case), a CSRF warning comes up when I follow a search results bookmark.

Firstly, I think that in general, you do not need to worry much about CSRF if the request method is GET. I do not know the internals of RT, but shouldn't all harmful operations be POSTs? If that were the case, I'd say you don't need to launch a CSRF warning if you follow such a search result URL.

Secondly, is there any way to disable such a warning without disabling all CSRF protections?

Thanks,
Chris

