projects / tomcat7.0 / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fa0f1c1) | patch
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=40001
authormarkt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Sat, 10 Oct 2009 21:54:54 +0000 (21:54 +0000)
committermarkt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Sat, 10 Oct 2009 21:54:54 +0000 (21:54 +0000)
commitd1d0126c23b7c1609d59de0579eba4bc9ac74288
tree3eca3917e75deeb980d8fbb3f9570e3beb6fdba8tree | snapshot
parentfa0f1c1dc58745cc19b3eff0a3e0aac79853ad32commit | diff
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=40001
Use POST rather than GET for all operations that are not idempotent
Partly based on a patch suggested by Daniel Naber
Remove the "Are you sure?", partly due to lack of i18n support and since as (based on my recollection) as many people disliked the feature as liked it.
Provides a (very) small measure of CSRF protection but lays the foundation for using a nonce with POST.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@823962 13f79535-47bb-0310-9956-ffa450edef68
java/org/apache/catalina/manager/Constants.java diff | blob | history
java/org/apache/catalina/manager/HTMLManagerServlet.java diff | blob | history
java/org/apache/catalina/manager/LocalStrings.properties diff | blob | history
Unnamed repository; edit this file to name it for gitweb.