#4368 pkgdb2 does not protect against Cross Site Request Forgery (CSRF)
Closed: Fixed. Opened 9 years ago by till.

= bug description =

See ticket:992 for a CSRF explanation. Pkgdb2 allows, for example, dropping access with GET requests to URLs like https://admin.fedoraproject.org/pkgdb/acl/libHX/giveup/approveacls/


CSRF protection is enforced by using forms, which we indeed do not do for some of these URLs. I'll look into this.

Fixed in 1.7, which is in stg.
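The flaw reported above and the form-based fix the maintainer describes, as an added example that is not pkgdb2's own code (pkgdb2 is a Flask application; this stand-alone stand-in uses only the Python standard library so it runs without the project). The `giveup_vulnerable` handler acts on any request that carries a valid session cookie, so a GET to the reported URL that a hostile page triggers (an `<img src=...>` tag is enough) drops the ACL, because the browser attaches the victim's cookie automatically. The `giveup_protected` handler only changes state on a POST carrying the per-session CSRF token, which a cross-origin page can neither read nor guess. Handler names, the `Request` class, the session store and the ACL table are hypothetical and constructed for the example:

```python
import copy
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample state standing in for pkgdb2's ACL table (not real data):
# package -> user -> set of ACLs held.
SAMPLE_ACLS = {"libHX": {"till": {"approveacls", "commit"}}}

# session id -> session data; a stand-in for the server-side session store.
SESSIONS = {}


@dataclass
class Request:
    """Just the parts of an HTTP request that matter for CSRF."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)   # sent by the browser on every request
    form: dict = field(default_factory=dict)      # body fields; only present on POST


def new_session(user):
    """Log a user in: create a session with a fresh per-session CSRF token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_hex(32)}
    return sid


def session_for(req):
    return SESSIONS.get(req.cookies.get("session"))


def parse_giveup(path):
    """Parse /pkgdb/acl/<package>/giveup/<acl>/ into (package, acl), else None."""
    parts = path.strip("/").split("/")
    if len(parts) != 5 or parts[:2] != ["pkgdb", "acl"] or parts[3] != "giveup":
        return None
    return parts[2], parts[4]


def giveup_vulnerable(req, acls):
    """Before the fix: a valid session cookie is the only check, so a GET that
    another site triggered drops the ACL."""
    sess = session_for(req)
    if sess is None:
        return 401
    target = parse_giveup(req.path)
    if target is None:
        return 404
    package, acl = target
    acls.get(package, {}).get(sess["user"], set()).discard(acl)
    return 200


def giveup_protected(req, acls):
    """After the fix: the state change requires a POST that carries the
    session's CSRF token, compared in constant time."""
    sess = session_for(req)
    if sess is None:
        return 401
    if req.method != "POST":
        return 405          # GET must stay side-effect free
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, sess["csrf_token"]):
        return 403          # missing or wrong token: refuse, change nothing
    target = parse_giveup(req.path)
    if target is None:
        return 404
    package, acl = target
    acls.get(package, {}).get(sess["user"], set()).discard(acl)
    return 200


def run_scenarios():
    """Replay a forged cross-site request against both handlers, plus the
    legitimate form submission. Returns {scenario: (status, ACLs still held)}."""
    sid = new_session("till")
    cookies = {"session": sid}    # the browser attaches this to any request to the site
    path = "/pkgdb/acl/libHX/giveup/approveacls/"
    results = {}

    acls = copy.deepcopy(SAMPLE_ACLS)
    forged_get = Request("GET", path, cookies=cookies)   # attacker-triggered, no token
    results["forged_get_vulnerable"] = (giveup_vulnerable(forged_get, acls), acls["libHX"]["till"])

    acls = copy.deepcopy(SAMPLE_ACLS)
    results["forged_get_protected"] = (giveup_protected(forged_get, acls), acls["libHX"]["till"])

    acls = copy.deepcopy(SAMPLE_ACLS)
    forged_post = Request("POST", path, cookies=cookies, form={"csrf_token": "guess"})
    results["forged_post_protected"] = (giveup_protected(forged_post, acls), acls["libHX"]["till"])

    acls = copy.deepcopy(SAMPLE_ACLS)
    legit_post = Request("POST", path, cookies=cookies,
                         form={"csrf_token": SESSIONS[sid]["csrf_token"]})
    results["legit_post_protected"] = (giveup_protected(legit_post, acls), acls["libHX"]["till"])
    return results


if __name__ == "__main__":
    for name, (status, held) in run_scenarios().items():
        print(f"{name}: HTTP {status}, ACLs left: {sorted(held)}")
```

Requiring POST on its own is not the fix: a hostile page can auto-submit a cross-site form just as easily as it can embed an image, so the token bound to the session is what actually stops the forged request. When checking a deployed fix, confirm that the GET form of the URL no longer changes anything and that a POST without the token is refused.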
