flask-micropub

CSRF protection using state parameter

Open karadaisy opened this issue 10 years ago • 1 comments

We need to protect against malicious redirects by adding a verifiable signature to the state parameter (in addition to the app-supplied next_url). TODO understand this better.

http://tools.ietf.org/html/rfc6749#section-10.12

http://www.twobotechnologies.com/blog/2014/02/importance-of-state-in-oauth2.html

Feb 03 '15 17:02 karadaisy
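An added example, not flask-micropub's code and not the change made in the commit referenced in this thread: one way to sign the state parameter so the callback can verify both the value and the next_url it carries. The key handling, the plain dict standing in for the session, the 10-minute lifetime and all function names are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-app secret, e.g. the Flask SECRET_KEY
MAX_AGE = 600  # assumption: seconds a state value stays valid


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_state(session: dict, next_url: str, now=None) -> str:
    """Build the state value sent to the authorization endpoint."""
    session["csrf"] = secrets.token_urlsafe(16)  # binds the state to this browser session
    payload = json.dumps({"csrf": session["csrf"], "next": next_url,
                          "iat": int(now if now is not None else time.time())}).encode()
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(sig)


def check_state(session: dict, state: str, now=None):
    """Return next_url if state is authentic, fresh and ours; otherwise None."""
    try:
        body, sig = state.split(".")
        payload = b64d(body)
        expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(b64d(sig), expected):
            return None  # payload or signature was altered
        data = json.loads(payload)
    except (ValueError, AttributeError):
        return None  # malformed or missing state
    now = now if now is not None else time.time()
    token = session.pop("csrf", None)  # single use: a replayed state fails
    if token is None or not hmac.compare_digest(data["csrf"], token):
        return None  # state was issued for a different session
    if now - data["iat"] > MAX_AGE:
        return None
    next_url = data["next"]
    # Accept only same-site relative paths, even when the signature is valid.
    if not next_url.startswith("/") or next_url.startswith("//") or "\\" in next_url:
        return None
    return next_url
```

The signature covers next_url, so a value altered in transit is rejected, and the per-session token is what ties the callback to the browser that started the flow.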

fixed in c8494277a8cf59300adbb1ebc39955b80b88fd88

Sep 23 '15 02:09 karadaisy