On Wed, 2010-09-01 at 10:14 -0400, Paul W. Frields wrote:
> https://admin.fedoraproject.org/updates/firefox-3.6.7-1.fc14,xulrunner-1.9.2.7-2.fc14?_csrf_token=d9a1b71eaac4e787200ef64fb8f8e819a5793074

Yay, now I can perform a CSRF attack on you if you still have that
browser session open.  Symfony shouldn't be putting the token in the URL
where it will get accidentally bookmarked or shared.  I may file a bug.

-- 
Matt

-- 
test mailing list
test@lists.fedoraproject.org
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test
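
One way to keep a token-bearing URL like the one quoted above from being shared is to scrub it before the text is posted. This is an added example, not part of the original message and not Fedora or Symfony code; the function names, the parameter names other than `_csrf_token`, and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed list of names; only "_csrf_token" appears in the message above.
TOKEN_PARAMS = {"_csrf_token", "csrf_token", "authenticity_token"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def strip_csrf_params(url):
    """Return (clean_url, removed_names) with token query parameters dropped."""
    parts = urlsplit(url)
    kept, removed = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in TOKEN_PARAMS:
            removed.append(name)
        else:
            kept.append((name, value))
    if not removed:
        return url, []  # leave clean URLs byte-for-byte unchanged
    clean = urlunsplit(parts._replace(query=urlencode(kept)))
    return clean, removed


def scrub_text(text):
    """Scrub every URL found in text; return (scrubbed_text, urls_changed)."""
    changed = 0

    def repl(match):
        nonlocal changed
        clean, removed = strip_csrf_params(match.group(0))
        if removed:
            changed += 1
        return clean

    return URL_RE.sub(repl, text), changed


# Constructed sample message body (hosts and token values are made up).
SAMPLE = (
    "Please test: https://updates.example.org/pkg-1.0-1,lib-2.0-1"
    "?_csrf_token=0123456789abcdef0123456789abcdef01234567\n"
    "Search: https://updates.example.org/search?q=firefox&_CSRF_TOKEN=deadbeef&page=2\n"
    "Docs: https://example.org/wiki?title=QA\n"
)

if __name__ == "__main__":
    scrubbed, count = scrub_text(SAMPLE)
    print(scrubbed)
    print("URLs scrubbed:", count)
```

Scrubbing only limits accidental disclosure on the sharing side; the token still appears in browser history and bookmarks for as long as the application places it in the query string.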
