stable
Clone or download
Read-only
request #11421: Make global search form submitting data with a GET request
Searching something on the instance does not change the state on the server, as such, using a POST request breaks the semantic defined in RFC7231. It also triggers false positive in security scanner tools since the form is not protected (and does need to be) against CSRF. This contribution aligns the behavior of the global search form to what's already done in BurningParrot pages: data of the global search form is submitted with a GET request. Change-Id: Ib2925373dcf25bec6ccb6b6b3e49d89c06780ba6
Modified Files
Name | ||||
---|---|---|---|---|
M | src/templates/search/search-bar.mustache | +1 | −1 | Go to diff View file |
M | src/www/themes/FlamingParrot/templates/navbar-search-form.mustache | +1 | −1 | Go to diff View file |