CSRF is not skipped for HEAD requests #18856

@HolgerHees

In the file /apps/dav/lib/Connector/Sabre/Auth Line 173 (Function requiresCSRFCheck) we skip CSRF checks only for GET requests. Why not for HEAD requests?

I mean a HEAD request is a GET request without the BODY:

Can we add the HEAD method here too? If yes, I can create a pull request if you want.
