Cross-Site Request Forgery vulnerability #507
RobinDaugherty
started this conversation in
General
Prior to release 2.8.0, better_errors did not enforce CSRF protection and did not enforce a Content-Type header for internal requests. This left developer machines open to a cross-origin attack.
If you have any questions about this vulnerability or how we mitigated it, please ask them here or open an Issue in this repository.
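The two checks named in the post above, sketched as an added example; this is not better_errors' own code. The module name, the status symbols and the token-echo scheme are assumptions made for illustration: the server holds a random token issued with the error page, and the page's script must send it back with every internal request.

```ruby
require "securerandom"

# Hypothetical guard for a development tool's internal endpoint.
module InternalRequestGuard
  # A JSON content type cannot be sent by a plain HTML form, so a
  # cross-origin page needs a CORS preflight before the browser sends it.
  REQUIRED_MEDIA_TYPE = "application/json"

  # Token issued when the error page is rendered (assumed scheme).
  def self.issue_token
    SecureRandom.hex(32)
  end

  # env is a Rack-style hash; returns :ok or the reason for rejection.
  def self.check(env, expected_token, presented_token)
    return :bad_method unless env["REQUEST_METHOD"] == "POST"

    # Compare only the media type, ignoring parameters such as charset.
    media_type = env["CONTENT_TYPE"].to_s.split(";").first.to_s.strip.downcase
    return :bad_content_type unless media_type == REQUIRED_MEDIA_TYPE

    return :bad_token unless tokens_match?(expected_token, presented_token)
    :ok
  end

  # Constant-time comparison; an empty or missing token never matches.
  def self.tokens_match?(expected, presented)
    a = expected.to_s
    b = presented.to_s
    return false if a.empty? || a.bytesize != b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $0
  token = InternalRequestGuard.issue_token
  # Constructed sample requests, not captured traffic.
  same_page = { "REQUEST_METHOD" => "POST", "CONTENT_TYPE" => "application/json; charset=utf-8" }
  form_post = { "REQUEST_METHOD" => "POST", "CONTENT_TYPE" => "text/plain" }
  puts InternalRequestGuard.check(same_page, token, token)   # accepted
  puts InternalRequestGuard.check(form_post, token, token)   # rejected on type
  puts InternalRequestGuard.check(same_page, token, nil)     # rejected on token
end
```

Either check alone leaves a gap: the content-type rule depends on the browser's preflight behaviour, and the token rule depends on the token staying unreadable to other origins, so the sketch requires both.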