Re: [TEST] Test "POC for CSRF Token"

2020-04-04 Thread Jacques Le Roux
Hi James, The backports in R18 and R17 went well, but for RequestHandler.java we will need to do the merge by hand. I'll begin and let you know later... Jacques On 04/04/2020 at 19:19, Jacques Le Roux wrote: Hi James, All, Done, the CSRF defense is in trunk and I'll backport it ASAP (it

Re: [TEST] Test "POC for CSRF Token"

2020-04-04 Thread Jacques Le Roux
Hi James, All, Done, the CSRF defense is in trunk and I'll backport it ASAP (it has a CVE). But I need to check that all is OK before. There are more things to do anyway... Jacques On 04/04/2020 at 17:48, James Yong wrote: Hi Jacques, Can look at JWT enhancement later. +1 for commit.

Re: [TEST] Test "POC for CSRF Token"

2020-04-04 Thread James Yong
Hi Jacques, Can look at JWT enhancement later. +1 for commit. Regards, James On 2020/04/04 13:10:18, Jacques Le Roux wrote: > Hi James, > > 1. I like the idea. Maybe we could create the class but let the > implementation (with explanations) for those who really need it? > 2. I did not

Re: [TEST] Test "POC for CSRF Token"

2020-04-04 Thread Jacques Le Roux
Hi James, 1. I like the idea. Maybe we could create the class but let the implementation (with explanations) for those who really need it? 2. I did not mean there was a correlation between csrf-token check and auth check. My main idea is to avoid hardcoded things like     if