voyent
Messages posted by: johnsky  XML
Profile for johnsky -> Messages posted by johnsky [2]
Author Message
Thanks, didn't know that! Good to hear ...

How can I review this functionality? Is there some documentation about it?

I saw this post:
http://www.icesoft.org/JForum/posts/list/15275.page#sthash.FFS12sVb.dpbs
but it points to a whitepaper which doesnt say anything about csrf

Thanks in advance
Hi,
I am trying out csrf guard which is a security framework protecting jsf apps against csrf attacks.
My current app is using icefaces 1.8.3 with seam on a JBoss 7.
So far the first integration steps are quite successful.

CSRF Guard injects hidden input parameters based on a JS-Script on each new page.
In the case of select-menus and partial submits it is ocurring the following problem:
first request sends the csrf-token correctly. But after partially refreshing the page it looses the token, because csrf guard does not detect it as a fully form submit. So it is not re-injecting the token.

My question:
is there an attribute which I can add to my csrf-token which tells icefaces NOT to eliminate this token?

Thanks in advance
 
Profile for johnsky -> Messages posted by johnsky [2]
Go to:   
Powered by JForum 2.1.7ice © JForum Team