[rt-users] any way to get directly to the "Crate Ticket" page
Payam Poursaied
me at payam124.com
Mon Nov 11 15:59:01 EST 2013
Hi All
One of my colleagues, create tickets frequently in a specific queue. In
RT3.8.8 in made a bookmark similar to
http://ticket-server/rt/Ticket/Create.html?Queue=XX and directly got to the
ticket create page. But in RT4.2, it seems that in order to prevent cross
site script, block direct access to ticket creation page.
First, I can understand that blocking direct access to create ticket page is
a must in order to prevent cross site forgery, does getting to the first
page, which only shows blank page, could causes any problem? I think getting
to http://ticket-server/rt/Ticket/Create.html?Queue=XX without any other
POST/GET parameter may not be unsafe. Am I wrong?
Second, is there any workaround/suggestion to overcome this case? Any
comment is appreciated
Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20131111/47ad8925/attachment.htm>
More information about the rt-users
mailing list