You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jspwiki.apache.org by "Juan Pablo Santos Rodríguez (Jira)" <ji...@apache.org> on 2022/08/05 08:27:00 UTC

[jira] [Closed] (JSPWIKI-1075) Add CSRF protection

     [ https://issues.apache.org/jira/browse/JSPWIKI-1075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Juan Pablo Santos Rodríguez closed JSPWIKI-1075.
------------------------------------------------

> Add CSRF protection
> -------------------
>
>                 Key: JSPWIKI-1075
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-1075
>             Project: JSPWiki
>          Issue Type: Bug
>            Reporter: Albrecht Striffler
>            Priority: Major
>             Fix For: 2.11.3
>
>
> As far as I can tell, JSPWIKI currently lacks protection agains Cross-Site Request Forgery (CSRF). Are there plans (or previous work) to add for example some additional session token to prevent CSRF?
> I'm willing to contribute here, but some general discussion about how and where to implement this would be helpful. 
> More info about CSRF here: [https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)