[SAC] [OSGeo] #2527: Invalid token upon LDAP confirmation
OSGeo
trac_osgeo at osgeo.org
Fri Nov 6 06:53:40 PST 2020
#2527: Invalid token upon LDAP confirmation
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2020-II
Component: Systems Admin | Keywords:
---------------------------+---------------------------------------
Many users complain about Invalid token being returned by the LDAP account
creation verification link (or password reset). These are due to their
MUAs pre-visiting incoming links (some form of security treatment, which
is instead an INSECURE way to do things, if you ask me, as visiting a link
can DO something [as in this case]).
This ticket is to update the scripts (https://git.osgeo.org/gitea/sac/web-
cgi-bin) to only act upon POST and provide a form which POSTs when
clicking a button if called with a GET. This should fix this problem
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2527>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list