Use sec-fetch-dest header for CSRF protection

Created on 23 April 2024, 12 months ago

Problem/Motivation

See #144538-162: User logout is vulnerable to CSRF

According to https://caniuse.com/?search=sec-fetch-dest, browser support is very good; however, this is still a draft spec.

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

📌 Task
Status

Active

Version

11.0 🔥

Component
Base

Last updated about 18 hours ago

Created by

🇬🇧 United Kingdom catch
