[Jifty-commit] r7037 - plugins/Jifty-Plugin-Authentication-CAS/lib/Jifty/Plugin/Authentication/CAS
Jifty commits
jifty-commit at lists.jifty.org
Fri May 15 04:07:51 EDT 2009
Author: yves
Date: Fri May 15 04:07:51 2009
New Revision: 7037
Modified:
plugins/Jifty-Plugin-Authentication-CAS/lib/Jifty/Plugin/Authentication/CAS/Dispatcher.pm
Log:
whitelist CASLogout
Modified: plugins/Jifty-Plugin-Authentication-CAS/lib/Jifty/Plugin/Authentication/CAS/Dispatcher.pm
==============================================================================
--- plugins/Jifty-Plugin-Authentication-CAS/lib/Jifty/Plugin/Authentication/CAS/Dispatcher.pm (original)
+++ plugins/Jifty-Plugin-Authentication-CAS/lib/Jifty/Plugin/Authentication/CAS/Dispatcher.pm Fri May 15 04:07:51 2009
@@ -4,6 +4,9 @@
package Jifty::Plugin::Authentication::CAS::Dispatcher;
use Jifty::Dispatcher -base;
+# whitelist safe actions to avoid cross-site scripting
+before '*' => run { Jifty->api->allow('CASLogout') };
+
# Put any plugin-specific dispatcher rules here.
before '/caslogin' => run {
More information about the Jifty-commit
mailing list