[
https://issues.apache.org/jira/browse/KNOX-198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13833903#comment-13833903
]
ASF subversion and git services commented on KNOX-198:
------------------------------------------------------
Commit 03853f968e32fccd5a8bf45afe9b842648f5936c in branch refs/heads/master
from [~lmccay]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-knox.git;h=03853f9 ]
KNOX-198 - add the service contributor changes to add webappsec provider and
remove extraneous dependencies in pom.xml
> CSRF header support
> -------------------
>
> Key: KNOX-198
> URL: https://issues.apache.org/jira/browse/KNOX-198
> Project: Apache Knox
> Issue Type: New Feature
> Components: ClientDSL, Server
> Affects Versions: 0.3.0
> Reporter: Larry McCay
> Assignee: Larry McCay
> Fix For: 0.4.0
>
>
> Determine the approach for CSRF prevention and how to align with the
> protection that needs to be provided at the service endpoints themselves. The
> services need to provide this for when Knox is not deployed.
> Does Knox just pass through the custom header that is sent by the client?
> Does Knox have its own relationship and established header value with the
> services?
> How do we communicate the required header values and names to the Knox
> clients of various types - including Knox ClientDSL?
--
This message was sent by Atlassian JIRA
(v6.1#6144)
