[
https://issues.apache.org/jira/browse/WW-5083?focusedWorklogId=463529&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-463529
]
ASF GitHub Bot logged work on WW-5083:
--------------------------------------
Author: ASF GitHub Bot
Created on: 27/Jul/20 07:27
Start Date: 27/Jul/20 07:27
Worklog Time Spent: 10m
Work Description: salcho commented on pull request #428:
URL: https://github.com/apache/struts/pull/428#issuecomment-664170448
@JCgH4164838Gh792C124B5
Hi James,
Thanks so much for the follow up! We're getting ready to submit a second PR
soon and going through your changes is very useful. We discussed whether string
comparisons should've been case insensitive and voted against it but being
defensive, as this PR is, really can't do any harm.
All these look good to me, in particular the fact that there's now an
implicit empty set of exemptions in the interceptor, which I think is
reasonable 👍
Have a great start of the week!
:)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 463529)
Time Spent: 3h 40m (was: 3.5h)
> Fetch Metadata support
> ----------------------
>
> Key: WW-5083
> URL: https://issues.apache.org/jira/browse/WW-5083
> Project: Struts 2
> Issue Type: New Feature
> Components: Core Interceptors
> Reporter: Santiago Diaz
> Priority: Major
> Fix For: 2.6
>
> Time Spent: 3h 40m
> Remaining Estimate: 0h
>
> We'd like to add built-in Fetch Metadata support to Struts2 to provide a
> simple security mechanism that developers can use to protect against
> Cross-Site Request Forgery vulnerabilities
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
