[ https://issues.apache.org/jira/browse/JSPWIKI-1075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Albrecht Striffler updated JSPWIKI-1075:
----------------------------------------
    Description: 
As far as I can tell, JSPWIKI currently lacks protection against Cross-Site 
Request Forgery (CSRF). Are there plans (or previous work) to add, for example, 
some additional session token to prevent CSRF?

I'm willing to contribute here, but some general discussion about how and where 
to implement this would be helpful. 

More info about CSRF here: 
[https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet]

  was:
As far as I can tell, JSPWIKI currently lacks protection against Cross-Site 
Request Forgery (CSRF). Are there plans (or previous work) to add, for example, 
some additional session token to prevent CSRF?

I'm willing to contribute here, but some general discussion about how and where 
to implement this would be helpful. 


> Add CSRF protection
> -------------------
>
>                 Key: JSPWIKI-1075
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-1075
>             Project: JSPWiki
>          Issue Type: Bug
>            Reporter: Albrecht Striffler
>            Priority: Major
>
> As far as I can tell, JSPWIKI currently lacks protection against Cross-Site 
> Request Forgery (CSRF). Are there plans (or previous work) to add, for example, 
> some additional session token to prevent CSRF?
> I'm willing to contribute here, but some general discussion about how and 
> where to implement this would be helpful. 
> More info about CSRF here: 
> [https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)