[
https://issues.apache.org/jira/browse/KNOX-198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13833839#comment-13833839
]
ASF subversion and git services commented on KNOX-198:
------------------------------------------------------
Commit 9901058dc9dbf95b1e98311273f94eb623ecc8fe in branch refs/heads/master
from [~lmccay]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-knox.git;h=9901058 ]
#KNOX-198 CSRF Header Support - added WebAppSec provider for web application
security vulnerability prevention and a CSRF prevention filter.
> CSRF header support
> -------------------
>
> Key: KNOX-198
> URL: https://issues.apache.org/jira/browse/KNOX-198
> Project: Apache Knox
> Issue Type: New Feature
> Components: ClientDSL, Server
> Affects Versions: 0.3.0
> Reporter: Larry McCay
> Assignee: Larry McCay
> Fix For: 0.4.0
>
>
> Determine the approach for CSRF prevention and how to align with the
> protection that needs to be provided at the service endpoints themselves. The
> services need to provide this for when Knox is not deployed.
> Does Knox just pass through the custom header that is sent by the client?
> Does Knox have its own relationship and established header value with the
> services?
> How do we communicate the required header values and names to the Knox
> clients of various types - including Knox ClientDSL?
--
This message was sent by Atlassian JIRA
(v6.1#6144)
