submitted 1 month ago by [email protected] to c/[email protected]

34 comments fedilink hide all child comments

Hi all. I've been having some problems keeping fedia.io running - at the moment, either the message workers or the php web server processes are dying after an hour or so and I have to restart everything. I have been working with the mbin team and installed some updates that we hoped would fix the problems, but no luck. I am going to work on a cron job to automatically restart things once an hour. The down side, is that you'll likely see some error 500's if you happen to hit it when the processes are restarting, but it should happen quickly and refreshing the page should make it work again.

you are viewing a single comment's thread
view the rest of the comments

[-] [email protected] 3 points 5 days ago

it's hard to make a blanket statement, because it depends on the details of the application. CSRF attacks are definitely real and common, but using csrf tokens isn't critical in every application. For example, I think we have CORS headers enabled, I don't think we have functionality that allows embedded iframes, but we do allow links - if we have administrative functions that can be triggered solely with GET parameters, then someone could trick an administrator into doing something that caused damage by clicking on a link in a post. The only one that would obviously work that I can see is "logout", which would be annoying, but not world ending, and would work for everyone, not just administrators.

[-] [email protected] 1 points 5 days ago

Thanks. I see. I do see the importance for login & logout forms having CSRF. But it does seems a bit overkill to have it on upvotes, boost and alike.. I could be wrong.

this post was submitted on 19 Aug 2024

1 points (100.0% liked)

Fedia Discussions

1 readers

10 users here now

founded 1 year ago

MODERATORS

[email protected]