There's a security problem on gapps related to CSRF (Cross-Site Request Forgery) tokens, particularly when updating user profiles. Currently, if a user is logged in, their password can be changed without their permission with just one click. This happens because of not using CSRF tokens, which are special codes meant to make sure that the person making changes on the website is the actual user and not someone else trying to interfere. Without these tokens, there's a risk that an outsider could trick a user into clicking a link or a button that would unknowingly change their password or make other unwanted changes to their profile. It's important to fix this to keep users' accounts safe.
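The report above describes the synchronizer-token pattern that the profile and password-change routes are missing. The following is an added illustration, not code from the gapps project: a stdlib-only model of the per-session token check that Flask-WTF's `CSRFProtect` applies to every state-changing request, shown as the vulnerable handler shape beside the hardened one (the `users` store, `session` dicts and form values are constructed sample data).

```python
import hmac
import secrets


def issue_csrf_token(session):
    """Create, or reuse, the per-session token that server-rendered forms embed.
    Only a page served by the site can read it; a cross-site attacker page that
    submits a forged form with the victim's cookie has no way to obtain it."""
    if "_csrf_token" not in session:
        session["_csrf_token"] = secrets.token_urlsafe(32)
    return session["_csrf_token"]


def csrf_token_valid(session, submitted):
    """True only if the form carried the token bound to this session.
    compare_digest keeps the comparison constant-time."""
    expected = session.get("_csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def change_password_unprotected(session, form, users):
    """Vulnerable shape from the report: the login session is the only check,
    so any request the browser sends with the cookie attached is accepted."""
    if "user" not in session:
        return 401
    users[session["user"]]["password"] = form["new_password"]
    return 200


def change_password_protected(session, form, users):
    """Hardened shape: verify the token before any state change happens."""
    if "user" not in session:
        return 401
    if not csrf_token_valid(session, form.get("csrf_token")):
        return 403  # forged or stale request: reject, nothing modified
    users[session["user"]]["password"] = form["new_password"]
    return 200


if __name__ == "__main__":
    users = {"alice": {"password": "old-secret"}}   # constructed sample store
    victim = {"user": "alice"}                       # logged-in cookie session
    forged = {"new_password": "forged"}              # cross-site form: no token
    print("unprotected:", change_password_unprotected(victim, forged, users))  # 200
    users["alice"]["password"] = "old-secret"
    token = issue_csrf_token(victim)
    print("protected, forged:", change_password_protected(victim, forged, users))  # 403
    genuine = {"new_password": "chosen-by-alice", "csrf_token": token}
    print("protected, genuine:", change_password_protected(victim, genuine, users))  # 200
```

In a Flask app the same effect comes from registering `CSRFProtect(app)` and rendering `{{ csrf_token() }}` as a hidden field in every form that posts to these routes.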
As a notice, this is an open-source project and I'm the only maintainer. It provides little value to highlight issues and never open PRs. I encourage you both to open a PR to fix the issue. In the README, it explains the project is still in Beta and should not be used in production.
Eventually I will get around to it, but there's no guarantee. That's why you both should open a PR to fix the issue.
@bmarsh9, I tried to resolve these issues, but I am not familiar enough with Flask. However, if you give me a guide in this regard, I can help with PRs. Furthermore, I can retest my findings.