You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Juan Pablo Santos Rodríguez (Jira)" <ji...@apache.org> on 2022/08/05 08:27:00 UTC
[jira] [Closed] (JSPWIKI-1075) Add CSRF protection
[ https://issues.apache.org/jira/browse/JSPWIKI-1075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Juan Pablo Santos Rodríguez closed JSPWIKI-1075.
------------------------------------------------
> Add CSRF protection
> -------------------
>
> Key: JSPWIKI-1075
> URL: https://issues.apache.org/jira/browse/JSPWIKI-1075
> Project: JSPWiki
> Issue Type: Bug
> Reporter: Albrecht Striffler
> Priority: Major
> Fix For: 2.11.3
>
>
> As far as I can tell, JSPWIKI currently lacks protection agains Cross-Site Request Forgery (CSRF). Are there plans (or previous work) to add for example some additional session token to prevent CSRF?
> I'm willing to contribute here, but some general discussion about how and where to implement this would be helpful.
> More info about CSRF here: [https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)