authorSimon Bennetts <psiinon@gmail.com>2018-04-04 19:21:33 +0200
committerIsrael Madueme <purelogiq@gmail.com>2018-04-04 19:21:33 +0200
commitfe259aba572e08df22557251ca9279f512f6862c (patch)
tree5f6428a14dd727c0c3136352413a0a28718f8cda /template/en/default/global/header.html.tmpl
parent3d6e2fb15c254d2d8fe75dc0307a4b0fd3e62865 (diff)
Bug 1446431 - Allow Baseline scan to ignore forms that dont need CSRF Tokens
The data-no-csrf attribute signifies that a form is 'safe' (i.e. it doesn't actually make any permanent changes) and so doesn't need an anti-CSRF token.
Diffstat (limited to 'template/en/default/global/header.html.tmpl')
-rw-r--r--template/en/default/global/header.html.tmpl2
1 files changed, 1 insertions, 1 deletions
diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl
index ded28d186..1d304ad04 100644
--- a/template/en/default/global/header.html.tmpl
+++ b/template/en/default/global/header.html.tmpl
@@ -244,7 +244,7 @@
<header id="header" role="banner">
<div class="inner">
<h1 id="header-title" class="title"><a href="./" title="Go to home page">[% terms.Bugzilla %]</a></h1>
- <form role="search" id="header-search" class="quicksearch" action="buglist.cgi">
+ <form role="search" id="header-search" class="quicksearch" action="buglist.cgi" data-no-csrf>
<section class="searchbox-outer dropdown" role="combobox" aria-expanded="false" aria-haspopup="listbox"
aria-owns="header-search-dropdown">
<h2>Quick Search</h2>
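Review bot: The `data-no-csrf` marker on the `#header-search` form is an unrecorded safety assertion: nothing in the template says why this form is exempt, and the form declares no `method`, so its read-only nature rests on the implicit GET default. Because the attribute tells the baseline scan to stop checking this form for an anti-CSRF token, a later edit that switches it to POST or points it at a state-changing action would go unflagged. I would make the method explicit, `<form role="search" id="header-search" class="quicksearch" action="buglist.cgi" method="get" data-no-csrf>`, and add above it `[%# data-no-csrf: read-only GET search; drop the attribute if this form ever changes state %]`. The form's body continues past the end of the hunk, so whether every submitted field is side-effect free cannot be confirmed from here.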