On Mar 24, 2014, at 3:49 PM, Akash Jain <akash.delh...@gmail.com> wrote:
> How can I prevent CSRF protection using Tomcat 7 ? > > I have heard that tomcat 7 provides CSRF filter > http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html Yes. The manager application uses it. You could look at the source code, if you need an example. > But is it thread safe ? I do not know off the top of my head. Is there a reason that you are asking? Have you seen something that would indicate that it is not? Dan > Or shall we do a custom protection in our spring 3 application ? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org