Protect Optimize from CSRF attacks

XMLWordPrintable

      • given:
        • I log in to Optimize
      • when:
        • In another tab I click on a link that contains a forged request to Optimize, which would perform an action that I don't want to perform, e.g. deleting a report.
      • then:
        • the forged request is not being executed
      • such that:
        • Optimize only performs actions that I authorized it to do and attackers acan't force me to execute unwanted actions

      AT:

      • Optimize is protected against CSRF attacks
      • There is a security notice informing users that the Optimize 2.5 contains a protection mechanism agains CSRF attacks

        1.
        		 Add CSRF-Protection Sub-task Done Unassigned
        2.
        		 Store csrf session token in front-end Sub-task Done Unassigned
        3.
        		 Write security notice about CRSF protection Sub-task Done Unassigned

            Assignee:
            Unassigned
            Reporter:
            Felix Mueller
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: