      request #45613 Add CSRF tokens to legacy MediaWiki plugin administration
    Infos
    #45613
    Clarck Robinson (robinsoc)
    2025-11-12 16:21
    2025-11-12 12:06
    47333
    Details
    Add CSRF tokens to legacy MediaWiki plugin administration

    Form processing already makes sure the request has been made with a POST (so it benefits from the SameSite cookie attribute set to Lax as well as the __Host- prefix).

    Should still have CSRF token protection per our secure coding guidelines but this does not represent an immediate risk.

    Mediawiki
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Under implementation
    Empty
    Attachments
    Empty
    References
    References list is empty

    Follow-ups

    Thomas Gerbet (tgerbet) 2025-11-12 16:21
    • Summary
      -Missing CSRF protections in Mediawiki 
      +Add CSRF tokens to legacy MediaWiki plugin administration 
    • Original Submission
      Only formatting has been changed; switch to markup to see the changes
    • Status changed from New to Under implementation
    • Assigned to changed from None to Thomas Gerbet (tgerbet)