Comment on [#5307] Upgrade Prototype to 1.5.1_rc3 and make use of CSRF protection
> The issue isn't actually whether or not we trust the output of our scripts; it's that without the security header, a malicious site can load the javascript we output without the user knowing (provided that they're logged in to Horde).
>
> gollem.js.php doesn't contain anything that I could imagine being useful, but since it can be requested directly, it's the sort of thing that should probably be protected.
>
> For things like Horde_Tree we're probably okay unless we make the data available with a text/javascript (or */*) content-type.