[Owasp-csrfguard] Why doPost(--) in JavaScriptServlet.java enforces enabling TokenPerPage?
suresh kumar
koorella.suri at gmail.com
Mon Mar 5 07:13:34 UTC 2012
Hi,
Why does doPost(--) in JavaScriptServlet.java enforce enabling TokenPerPage?
Code snippet taken from the JavaScriptServlet.java file:
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException
    {
        HttpSession session = request.getSession(true);
        CsrfGuard csrfGuard =
                (CsrfGuard)session.getAttribute("Owasp_CsrfGuard_Session_Key");
        if ((csrfGuard != null) && (csrfGuard.isTokenPerPageEnabled()))
            writePageTokens(request, response);
        else
            response.sendError(404);
    }
Thanks,
Suresh