auth

Paddy 2014-11-02 Parent:cef5111af5c7 Child:c29c7df35905

63:dd75d24475c0

auth/http.go

Turn our TODO into a BUG. Lack of CSRF protection is most decidedly a bug, so let's list it as such.

     1.1 --- a/http.go	Sun Nov 02 21:14:21 2014 -0500
     1.2 +++ b/http.go	Sun Nov 02 21:15:46 2014 -0500
     1.3 @@ -113,7 +113,7 @@
     1.4  		return
     1.5  	}
     1.6  	if r.Method == "POST" {
     1.7 -		// TODO: CSRF protection
     1.8 +		// BUG(paddy): We need to implement CSRF protection when obtaining a grant code.
     1.9  		if r.PostFormValue("grant") == "approved" {
    1.10  			code := uuid.NewID().String()
    1.11  			grant := Grant{
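Review bot: The POST branch still mints a grant code as soon as `r.PostFormValue("grant") == "approved"`, with nothing tying the request to a form this server rendered, so the relabelled comment documents the gap without narrowing it. Until the fix lands, the comparison should sit behind a check of a per-session anti-CSRF token submitted with the form, rejecting the POST when the token is missing or does not match. It would also help for the BUG note to say what is exposed (a cross-site form post can approve a grant on behalf of a logged-in user) so the risk is clear to anyone reading the generated docs.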