[Owncloud] CSRF behaviour is annoying

Thomas Tanghus thomas at tanghus.net
Sun Sep 16 12:40:47 UTC 2012


On Saturday 15 September 2012 19:15 Bernhard Posselt wrote:
> I think that should be built in, because every app needs it.
> 
> On 09/15/2012 09:43 AM, Christian Reiner wrote:
> > On Saturday 15 September 2012 00:06:00 Bernhard Posselt wrote:
> >> What if there was a built in post request that renews the token?
> > 
> > This is exactly the solution I chose in my 'Shorty' app and described with
> > the previous mail. It is an ajax call that requests a fresh token some
> > minutes before the old one gets invalid.

Since everyone seems to agree that it's the best solution, and there's working 
script for it, should we add it to core? I guess it can be categorized as a 
bug fix?

Christian, are you up for it?

-- 
Med venlig hilsen / Best Regards

Thomas Tanghus



More information about the Owncloud mailing list