[Jifty-commit] r7181 - jifty/trunk/lib/Jifty

Jifty commits jifty-commit at lists.jifty.org
Thu Jun 4 18:34:28 EDT 2009


Author: sartak
Date: Thu Jun  4 18:34:27 2009
New Revision: 7181

Modified:
   jifty/trunk/lib/Jifty/Web.pm

Log:
No real need for the long CSRF action denial message

Modified: jifty/trunk/lib/Jifty/Web.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Web.pm	(original)
+++ jifty/trunk/lib/Jifty/Web.pm	Thu Jun  4 18:34:27 2009
@@ -360,7 +360,8 @@
                         . $request_action->class
                         . "'" );
                 $self->log->warn( Jifty->api->explain($request_action->class ) );
-                $self->log->error("NOTICE! A cross-site scripting security fix has been installed so that actions are now by default DENIED during GET requests. You must specifically whitelist safe actions using this in your dispatcher: before '*' => run { Jifty->api->allow('SafeAction') }; - We apologize for the inconvenience.") if $self->request->request_method eq "GET";
+                # Possible cross-site request forgery
+                $self->log->error("Action " . $request_action->class . " has been denied because the request is a GET") if $self->request->request_method eq "GET";
                 push @denied_actions, $request_action;
                 next;
             }
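Review bot: The new error text on the added `$self->log->error(...)` line says the action was denied "because the request is a GET", but the postfix `if` only establishes that a denied action arrived on a GET. The condition that opens this block is outside the hunk, so an action denied for some other reason would presumably log the same cause. The removed message also told operators how to permit a safe action (`Jifty->api->allow`), and the replacement drops that pointer. Wording that stays factual and keeps the hint would be `$self->log->error("Action " . $request_action->class . " was denied on a GET request; allow it with Jifty->api->allow in the dispatcher if it is safe") if $self->request->request_method eq "GET";`. The comment could likewise say why GET matters, e.g. `# Actions triggered by GET can be forged cross-site (CSRF), so they are denied unless explicitly allowed`.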

