You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jspwiki.apache.org by "Albrecht Striffler (JIRA)" <ji...@apache.org> on 2019/01/21 12:17:00 UTC

[jira] [Updated] (JSPWIKI-1075) Add CSRF protection

     [ https://issues.apache.org/jira/browse/JSPWIKI-1075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Albrecht Striffler updated JSPWIKI-1075:
----------------------------------------
    Description: 
As far as I can tell, JSPWIKI currently lacks protection agains Cross-Site Request Forgery (CSRF). Are there plans (or previous work) to add for example some additional session token to prevent CSRF?

I'm willing to contribute here, but some general discussion about how and where to implement this would be helpful. 

> Add CSRF protection
> -------------------
>
>                 Key: JSPWIKI-1075
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-1075
>             Project: JSPWiki
>          Issue Type: Bug
>            Reporter: Albrecht Striffler
>            Priority: Major
>
> As far as I can tell, JSPWIKI currently lacks protection agains Cross-Site Request Forgery (CSRF). Are there plans (or previous work) to add for example some additional session token to prevent CSRF?
> I'm willing to contribute here, but some general discussion about how and where to implement this would be helpful. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)