[rt-users] Cross site request forgery
Paul Tomblin
ptomblin at xcski.com
Mon Sep 17 22:06:04 EDT 2012
On Monday, September 17, 2012, Chris O'Kelly wrote:
>
> Hi Paul,****
>
> ** **
>
> Firstly, I'll just point out this isn't my fix, it's stolen from the top
> answer of
> http://stackoverflow.com/questions/4762254/javascript-window-location-does-not-set-referer-in-the-request-header,
> but it is elegant and works, so there you go. Define the function
> navigateToUrl(url), either in an external file that you include in each
> page (I forget what the name of the configuration option is, but you'll
> find it if you grep etc/RT_Config.pm for javascript) or inline in all the
> pages you might use it (I would suggest the former of these).****
>
>
> Thanks Chris. That page is extremely helpful.
--
http://www.linkedin.com/in/paultomblin
http://careers.stackoverflow.com/ptomblin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120917/f1b8af16/attachment.htm>
More information about the rt-users
mailing list