Require CSRF token for action=scribunto-console
This is basically unexploitable, given that Scribunto sessions are "extremely ephemeral", protected by a 31-bit non-cryptographically random token and generally contain very little useful data. But, requiring a CSRF token is a best practice and since this module is internal and only used in one place, it's also unlikely to break anything. Because it needs a token, the module is POST-only now too.

Bug: T212071
Change-Id: I7fb6b4f856ee6194eb37c26e14f178fea6c0a3f6