diff options
author | Jason A. Donenfeld | 2014-01-16 11:39:17 +0100 |
---|---|---|
committer | Jason A. Donenfeld | 2014-01-16 12:13:39 +0100 |
commit | b826537cb4aa2358027ffcb1dd6a87274734e962 (patch) | |
tree | 7c749c66d868cb996828d2b65a4bede58b5ebd62 /cgitrc.5.txt | |
parent | d6e9200cc35411f3f27426b608bcfdef9348e6d3 (diff) | |
download | cgit-b826537cb4aa2358027ffcb1dd6a87274734e962.tar.gz cgit-b826537cb4aa2358027ffcb1dd6a87274734e962.tar.bz2 cgit-b826537cb4aa2358027ffcb1dd6a87274734e962.zip |
authentication: use hidden form instead of referer
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'cgitrc.5.txt')
-rw-r--r-- | cgitrc.5.txt | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/cgitrc.5.txt b/cgitrc.5.txt index c45dbd3..682d8bb 100644 --- a/cgitrc.5.txt +++ b/cgitrc.5.txt | |||
@@ -662,7 +662,8 @@ auth filter:: | |||
662 | the http cookie and return a 0 if it is invalid or 1 if it is invalid, | 662 | the http cookie and return a 0 if it is invalid or 1 if it is invalid, |
663 | in the exit code / close function. If the filter action is | 663 | in the exit code / close function. If the filter action is |
664 | "authenticate-post", this filter receives POST'd parameters on | 664 | "authenticate-post", this filter receives POST'd parameters on |
665 | standard input, and should write to output one or more "Set-Cookie" | 665 | standard input, and should write a complete CGI request, preferably |
666 | with a 302 redirect, and write to output one or more "Set-Cookie" | ||
666 | HTTP headers, each followed by a newline. | 667 | HTTP headers, each followed by a newline. |
667 | 668 | ||
668 | Please see `filters/simple-authentication.lua` for a clear example | 669 | Please see `filters/simple-authentication.lua` for a clear example |