[Jifty-commit] r7181 - jifty/trunk/lib/Jifty
Jifty commits
jifty-commit at lists.jifty.org
Thu Jun 4 18:34:28 EDT 2009
Author: sartak
Date: Thu Jun 4 18:34:27 2009
New Revision: 7181
Modified:
jifty/trunk/lib/Jifty/Web.pm
Log:
No real need for the long CSRF action denial message
Modified: jifty/trunk/lib/Jifty/Web.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Web.pm (original)
+++ jifty/trunk/lib/Jifty/Web.pm Thu Jun 4 18:34:27 2009
@@ -360,7 +360,8 @@
. $request_action->class
. "'" );
$self->log->warn( Jifty->api->explain($request_action->class ) );
- $self->log->error("NOTICE! A cross-site scripting security fix has been installed so that actions are now by default DENIED during GET requests. You must specifically whitelist safe actions using this in your dispatcher: before '*' => run { Jifty->api->allow('SafeAction') }; - We apologize for the inconvenience.") if $self->request->request_method eq "GET";
+ # Possible cross-site request forgery
+ $self->log->error("Action " . $request_action->class . " has been denied because the request is a GET") if $self->request->request_method eq "GET";
push @denied_actions, $request_action;
next;
}
More information about the Jifty-commit
mailing list