Re: [TEST] Test "POC for CSRF Token"

[James Yong]

+1 with CSRF defense enabled in Demo
 
> Hi,
> 
> I thought about that a bit more. I suggest to let the stable version (soon, 
> R17) as is, ie with  CSRF defense enabled. This way users, mostly 
> interested in stable, would  see the real situation.
> 
> And to use the NoCsrfDefenseStrategy in trunk. So developers, often brought 
> to use the trunk for development reasons, would have more latitude; as 
> they certainly will do locally.
> 
> If nobody disagree we will do so at 
> https://issues.apache.org/jira/browse/OFBIZ-11472 with Swapnil
> 
> If we do so, the link 
> https://demo-stable.ofbiz.apache.org/ordermgr/control/main?USERNAME=admin&PASSWORD=ofbiz&JavaScriptEnabled=Y
>  will no longer work.
> 
> https://demo-stable.ofbiz.apache.org/ordermgr should be used and we need to 
> update https://ofbiz.apache.org/ofbiz-demos.html for that.
> 
> Jacques
> 
>