+1 with CSRF defense enabled in Demo > Hi, > > I thought about that a bit more. I suggest to let the stable version (soon, > R17) as is, ie with CSRF defense enabled. This way users, mostly > interested in stable, would see the real situation. > > And to use the NoCsrfDefenseStrategy in trunk. So developers, often brought > to use the trunk for development reasons, would have more latitude; as > they certainly will do locally. > > If nobody disagree we will do so at > https://issues.apache.org/jira/browse/OFBIZ-11472 with Swapnil > > If we do so, the link > https://demo-stable.ofbiz.apache.org/ordermgr/control/main?USERNAME=admin&PASSWORD=ofbiz&JavaScriptEnabled=Y > will no longer work. > > https://demo-stable.ofbiz.apache.org/ordermgr should be used and we need to > update https://ofbiz.apache.org/ofbiz-demos.html for that. > > Jacques > >
- Re: [TEST] Test "POC for CSRF Token" Jacques Le Roux
- Re: [TEST] Test "POC for CSRF Token" Pierre Smits
- Re: [TEST] Test "POC for CSRF Token" Jacques Le Roux
- Re: [TEST] Test "POC for CSRF Token&quo... Girish Vasmatkar
- Re: [TEST] Test "POC for CSRF Token... Jacques Le Roux
- Re: [TEST] Test "POC for CSRF ... Jacques Le Roux
- Re: [TEST] Test "POC for CSRF ... Jacques Le Roux
- Re: [TEST] Test "POC for CSRF ... Michael Brohl
- Re: [TEST] Test "POC for CSRF ... Jacques Le Roux
- Re: [TEST] Test "POC for CSRF ... Jacques Le Roux
- Re: [TEST] Test "POC for CSRF ... James Yong
- Re: [TEST] Test "POC for CSRF ... Jacques Le Roux
- Re: [TEST] Test "POC for CSRF ... Jacques Le Roux
- Re: [TEST] Test "POC for CSRF ... Girish Vasmatkar
- Re: [TEST] Test "POC for CSRF ... Jacques Le Roux
- Re: [TEST] Test "POC for CSRF ... James Yong
- Re: [TEST] Test "POC for CSRF ... Jacques Le Roux
- Re: [TEST] Test "POC for CSRF ... James Yong
- Re: [TEST] Test "POC for CSRF ... Jacques Le Roux
- Re: [TEST] Test "POC for CSRF ... Jacques Le Roux
- Re: [TEST] Test "POC for CSRF ... Jacques Le Roux