CVE-2022-24894 basic auth and csrf protection #49188
Answered
by
nicolas-grekas
nicolasleborgne
asked this question in
Q&A
-
|
Hi, Am I wrong or since the security fix for CVE-2022-24894 we cannot use in combination http basic auth and csrf protection ? Tokens are cleared at each successful login and login occurred at each request so, when submitting a form, tokens do not match. Maybe I am misunderstanding something ? (@nicolas-grekas 😇) Thanks |
Beta Was this translation helpful? Give feedback.
Answered by
nicolas-grekas
Feb 2, 2023
Replies: 2 comments
-
|
Can you provide a reproducer to understand what you mean and have ? |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Let's discuss this in #49194 |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
nicolasleborgne
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Let's discuss this in #49194