a1d0b8402e
Git pull uses a POST request, which is treated as a write request and the CSRF token is checked. However, no modification to the server is made by git pulls, as far as I know (actually I'm not sure why it uses a POST). The entire response is handled by the git command, and the client side is usually the git command running in the terminal, there's no session and no cookies (as far as I know). So I'm just disabling CSRF token checking for this route. |
||
---|---|---|
.. | ||
Control/Applicative | ||
Darcs/Local | ||
Data | ||
Database | ||
Diagrams | ||
Formatting | ||
Language/Haskell/TH/Quote | ||
Network/SSH | ||
Text | ||
Vervis | ||
Web/PathPieces | ||
Yesod | ||
GitPackProto.hs |