Hi Leigh,

There is no built-in way to do this. For Direct Actions you have to do it on your own. Component Actions are already somewhat safe due to the obscure nature of the element ID on the URL. But if someone knows WO and is familiar with the structure of your site there is still a window for CSRF attacks. I don’t think you can do anything automatic without having access to the WO source code, but the ERXForm etc. subclasses that Wonder installs might let you create an automated way of doing this.
Chuck

From: Webobjects-dev <webobjects-dev-bounces+chill=gevityinc....@lists.apple.com> on behalf of Leigh Kivenko <lei...@portfolioaid.com>
Date: Friday, December 15, 2017 at 11:56 AM
To: WebObjects-Dev <webobjects-dev@lists.apple.com>
Subject: Cross-Site Request Forgery

Hello,

Just wondering if anyone has ever had to harden their WebObjects applications against CSRF:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet

Is there a way to have WebObjects do this automatically or do we need to implement this on our own?

Thanks,

Leigh Kivenko | VP, Technology
PortfolioAid
t. 416-479-0523 | e. lei...@portfolioaid.com

This e-mail may be privileged and confidential. If you received this e-mail in error, please do not use, copy or distribute it, but advise me immediately (by return e-mail or otherwise), and delete the e-mail.
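The synchronizer-token pattern from the OWASP cheat sheet linked in the question, applied to the "do it on your own" case for Direct Actions, as an added example (not code from this thread, from WebObjects or from Wonder). The session is modelled as a plain `Map`, and the names `CsrfTokenExample`, `tokenFor`, `isValid` and `csrfToken` are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class CsrfTokenExample {
    private static final String SESSION_KEY = "csrfToken"; // hypothetical session key name
    private static final SecureRandom RNG = new SecureRandom();

    /** Creates the per-session token once; the caller embeds it in a hidden form field. */
    static String tokenFor(Map<String, Object> session) {
        String token = (String) session.get(SESSION_KEY);
        if (token == null) {
            byte[] raw = new byte[32]; // 256 bits from a CSPRNG, unguessable by another site
            RNG.nextBytes(raw);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.put(SESSION_KEY, token);
        }
        return token;
    }

    /** Returns true only if the submitted value matches the token stored in this session. */
    static boolean isValid(Map<String, Object> session, String submitted) {
        Object expected = session == null ? null : session.get(SESSION_KEY);
        if (!(expected instanceof String) || submitted == null) {
            return false; // no session, no token issued, or field missing: reject
        }
        // MessageDigest.isEqual avoids leaking the match position through timing.
        return MessageDigest.isEqual(
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // constructed stand-in for the user's session
        String token = tokenFor(session);

        System.out.println("form post carrying the token: " + isValid(session, token));
        System.out.println("cross-site post, no token:    " + isValid(session, null));
        System.out.println("cross-site post, wrong token: " + isValid(session, "AAAA"));
        System.out.println("request without a session:    " + isValid(null, token));
    }
}
```

In an application, the validity check would run at the top of every state-changing Direct Action, before any work is done, with the submitted value taken from the request's form values.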