gerrit/gerrit-pgm
Brad Larson 3a6f077932 Tokenized REST API POST handler
POST requests typically modify server state, and are often vulnerable
to XSRF attacks.  For example, a site admin could be fooled into
clicking a button on a rogue website which causes his browser to run
REST commands against the server.

To protect against this, REST POST requests should include a token
which is first retrieved by making a GET request to the same URL.
This token allows us to verify that the user visited the Gerrit site
and helps protect against XSRF.

An example use-case of this new API:

 token = $(curl --anyauth -u [user] http://review/a/rest-api | tail -n 1)
 curl --anyauth -u [user] -d $token http://review/a/rest-api

Signed-off-by: Brad Larson <bklarson@gmail.com>
Change-Id: I18f3ad2b6be4df2e5a6fa3262de5a2f4601fccea
2012-08-14 19:05:21 -07:00
.settings Remove timestamp from all org.eclipse.core.resources.prefs files. 2012-07-04 14:06:09 +02:00
src Tokenized REST API POST handler 2012-08-14 19:05:21 -07:00
.gitignore Add Intellij IDEA files to ignore list 2012-05-03 13:17:43 -07:00
pom.xml Update parent version in pom.xml's to 2.5-SNAPSHOT 2012-05-03 09:49:17 +02:00