[Owasp-csrfguard] csrfguard doesn't seem to work with my frames
Sam Theman
xray316 at hotmail.com
Fri Oct 28 12:23:39 EDT 2011
Hello,
PLEASE HELP!
I have CSRFGuard working for my application, EXCEPT if I use frames.
See the below sequence. I have an iframe in the frames.jsp, but it says it is missing the token... see below code also... can anyone help????
[Fri Oct 28 12:20:35 EDT 2011] [Info] CsrfGuard analyzing request /crs/frames.jsp
[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/JavaScriptServlet
[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/HelloServlet (in my iframe)
[Fri Oct 28 12:20:38 EDT 2011] [Error] potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:129.6.84.222, uri:/crs/HelloServlet, error:required token is missing from the request)
[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/error.html
[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/HelloServlet
[Fri Oct 28 12:20:38 EDT 2011] [Error] potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:129.6.84.222, uri:/crs/HelloServlet, error:request token does not match session token)
[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/error.html
frames.jsp ::::
<html>
<head>
  <title>Main screen</title>
</head>
<script src="/crs/JavaScriptServlet"></script>
<iframe src="/crs/HelloServlet"></iframe>
</html>