Re: CSRF Tokens

2018-02-09 Thread Maxim Solodovnik
Please check this chapter:
https://ci.apache.org/projects/wicket/guide/8.x/single.html#_csrf_protection
:))

On Sat, Feb 10, 2018 at 3:27 AM, Entropy  wrote:

> One of our apps just underwent a security scan, and they complained about
> a Cross-Site Request Forgery (CSRF) vulnerability.  Yet I went to Google and
> found this:
>
> https://issues.apache.org/jira/browse/WICKET-1782
>
> Which seems to say that CSRF was fixed in 1.4 of Wicket.  We're mostly on
> 1.6.  Is there something we have to do to "turn on" Wicket's CSRF token?
>


-- 
WBR
Maxim aka solomax


CSRF Tokens

2018-02-09 Thread Entropy
One of our apps just underwent a security scan, and they complained about
a Cross-Site Request Forgery (CSRF) vulnerability.  Yet I went to Google and
found this:

https://issues.apache.org/jira/browse/WICKET-1782

Which seems to say that CSRF was fixed in 1.4 of Wicket.  We're mostly on
1.6.  Is there something we have to do to "turn on" Wicket's CSRF token?  

--
Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org