ChristopherSchultz opened a new pull request, #681: URL: https://github.com/apache/tomcat/pull/681
Please see https://lists.apache.org/thread/47syblyghh3tromyf6bkvl8q14w70f3x for the initial conversation.

I see some potential improvements for the CSRF prevention filter that will be worthwhile. Specifically:

1. Non-enforcement mode(s?) to help locate problems without breaking an application
2. URL patterns to ignore when adding CSRF tokens (e.g. static resources) to avoid breaking caching