An additional bug in the current GET links: currently forum discussion pages don't enforce a trailing slash on the URL so if you go to /p/myproject/discussion/help the sub/unsub link doesn't work but it does from /p/myproject/discussion/help/
--- ** [tickets:#7685] Subscribe/unsubscribe action should use POST** **Status:** open **Milestone:** unreleased **Created:** Tue Sep 16, 2014 05:35 AM UTC by Igor Bondarenko **Last Updated:** Thu Jan 29, 2015 07:12 PM UTC **Owner:** nobody Currently all of subscribe/unsubscribe buttons (in the topbar of any tool's page and in the wiki sidebar) are using GET to make an action. Their should require POST to avoid CSRF. See also discussion at [#4905] --- Sent from forge-allura.apache.org because [email protected] is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
