I am using Restlet 2.2.0 and CookieAuthentication with an embedded Jetty plugin. In my application, I have 2 sets of pages:

1) Pages that can be viewed by an unauthenticated user
2) Pages that can be viewed only by an authenticated user

In both cases, I want to prevent CSRF/XSRF attacks. It seems that by default Restlet applications are vulnerable to CSRF/XSRF unless we do "something" to prevent this. I could not figure out what to do in my application to prevent such attacks. I have read about many solutions on the Internet, but none of them are discussed in reference to Restlet applications. I would appreciate it if someone could guide me on how to protect a Restlet application from CSRF/XSRF attacks.

Thanks,
Ramesh

--
View this message in context: http://restlet-discuss.1400322.n2.nabble.com/CSRF-XSRF-prevention-in-Restlet-tp7579375.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3128028

