In the file /apps/dav/lib/Connector/Sabre/Auth Line 173 (Function requiresCSRFCheck) we skip CSRF checks only for GET requests. Why not for HEAD requests?
I mean a HEAD request is a GET request without the BODY:
Can we add a the HEAD method here too? If yes I can create a pull request if you want.
In the file /apps/dav/lib/Connector/Sabre/Auth Line 173 (Function requiresCSRFCheck) we skip CSRF checks only for GET requests. Why not for HEAD requests?
I mean a HEAD request is a GET request without the BODY:
Can we add a the HEAD method here too? If yes I can create a pull request if you want.