Thanks. Do you know if tomcat 7 inbuilt CSRF has nonce thread safe issue ?
On Mon, Mar 24, 2014 at 12:52 PM, Rossen Stoyanchev < rstoyanc...@gopivotal.com> wrote: > Spring Security provides CSRF protection as well: > > http://docs.spring.io/spring-security/site/docs/3.2.2.RELEASE/reference/htmlsingle/#csrf > > > On Mon, Mar 24, 2014 at 3:49 PM, Akash Jain <akash.delh...@gmail.com> > wrote: > > > How can I prevent CSRF protection using Tomcat 7 ? > > > > I have heard that tomcat 7 provides CSRF filter > > > > > http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html > > > > But is it thread safe ? > > > > Or shall we do a custom protection in our spring 3 application ? > > >
