Use state parameter to mitigate CSRF [#2776341]

Comment	File	Size	Author
	oauth_connector-156551-12.patch	1.28 KB	fortis

Comment #1

31 July 2016 at 19:01

fortis created an issue. See original summary.

Log in or register to post comments

Comment #2

fortis commented 31 July 2016 at 19:02

The client implementation doesn't use state parameter to mitigate CSRF

Log in or register to post comments

Comment #3

fortis commented 31 July 2016 at 19:02

Status:

Active

» Needs review

Log in or register to post comments

Comment #4

fortis commented 31 July 2016 at 19:04

Title:

Use state parameter

» use state parameter to mitigate CSRF

Log in or register to post comments

Comment #5

fortis commented 31 July 2016 at 19:04

Title:

use state parameter to mitigate CSRF

» Use state parameter to mitigate CSRF

Log in or register to post comments

Comment #6

fortis commented 31 July 2016 at 20:38

Priority:

Normal

» Critical

Log in or register to post comments

Comment #7

somatick commented 25 January 2017 at 03:56

Status:

Needs review

» Reviewed & tested by the community

Have tested the patch. This is an important addition which does not interfere with the authentication process.
http://www.twobotechnologies.com/blog/2014/02/importance-of-state-in-oau...

Log in or register to post comments

Use state parameter to mitigate CSRF

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

News items

Our community

Documentation

Drupal code base

Governance of community