Commit 8edac8ab authored 4 years ago by DramixDw Committed by Jeremy Kersten 4 years ago

[IMP] website_sale: /shop/cart/update as POST with csrf


The /shop/cart/update was accepting both GET and POST request. Therefore,
we couldn't have csrf on the route meaning any website could change your
cart if the route was known.

task-2263776

closes odoo/odoo#51486

Signed-off-by: Jérémy Kersten (jke) <jke@openerp.com>

parent 0f2cada3

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 16 additions and 22 deletions

Please register or to comment