[ https://issues.apache.org/jira/browse/OFBIZ-11425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17069336#comment-17069336 ]
Jacques Le Roux commented on OFBIZ-11425: ----------------------------------------- If you are interested to test, manually or with the tool of you choice, you can do so at https://168.63.29.103:8443/webtools https://168.63.29.103:8443/ecomseo This is thank to Ross Gardler and Microsoft for providing an Azure Ubuntu 18.04.4 LTS VM where I installed OFBiz trunk patched for CSRF. Please break it :) > Test "POC for CSRF Token" > ------------------------- > > Key: OFBIZ-11425 > URL: https://issues.apache.org/jira/browse/OFBIZ-11425 > Project: OFBiz > Issue Type: Test > Components: ALL APPLICATIONS > Affects Versions: Release Branch 18.12, Release Branch 17.12, Trunk > Reporter: Jacques Le Roux > Assignee: Jacques Le Roux > Priority: Major > > Hi All, > This "test" Jira to ask your help to review and test the work done in > OFBIZ-11306. We have done all our possible, and now help is welcome. If you > are experienced with penetrations tools, please use them. > You can find the branch to use in > https://github.com/JacquesLeRoux/ofbiz-framework/tree/POC-for-CSRF-Token-OFBIZ-11306. > It's ready to merge in OFBiz trunk but we will not create a PR before being > rassured that we (James and I) did not miss any issues. Like links without > "csrf" token, or regressions introduced by the effort. > TIA -- This message was sent by Atlassian Jira (v8.3.4#803005)