[Owasp-csrfguard] CSRF Guard issue

eric sheridan eric.sheridan at owasp.org
Mon Dec 6 11:30:35 EST 2010


Ensure you define a value for the org.owasp.csrfguard.NewTokenRedirectPage
property. This is the page the user is redirected to after the CSRF token is
created. You can probably set this property to the URI of your login page.
Note that you'll still get CSRFException errors if your login page is also
protected by CSRFGuard as the redirect to the NewTokenRedirectPage will not
contain the CSRF parameter. Either redirect to another unprotected landing
page or do not protect the login page, either by not mapping the filter to
its URI or adding the login URI as an unprotected page in
csrfguard.properties.

-Eric

On Mon, Dec 6, 2010 at 2:48 AM, sumit gupta <sumitgupta27 at gmail.com> wrote:

> Hi,
>
> I am trying to configure it for my project but am facing issues in configuring
> it. Please see my attached csrfguard.properties file. I have already entered
> correct mappings in web.xml and included the required csrfguard.jar, but when
> I send the first login request to my application it's getting blanked
> and the mutable HTTP response has no parameter of CSRFtoken. Please help.
>
> Thanks
> Sumit
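The failure described in the reply above, as an added Python example that is not CSRFGuard code and not part of the thread: a simplified model of a token filter showing why a protected NewTokenRedirectPage raises on the first visit and why listing it as unprotected avoids that. The class, the `csrf_token` parameter name and the `/login` and `/home` URIs are assumptions made for illustration.

```python
# Simplified model of the behaviour described in the reply; not CSRFGuard source.
import secrets

TOKEN_PARAM = "csrf_token"  # hypothetical request parameter name


class CSRFException(Exception):
    """Raised when a protected URI is requested without a valid token."""


class TokenFilterModel:
    def __init__(self, new_token_redirect_page, unprotected=()):
        self.new_token_redirect_page = new_token_redirect_page
        self.unprotected = frozenset(unprotected)

    def handle(self, session, uri, params):
        """Return ("pass", uri) or ("redirect", target); raise CSRFException."""
        if uri in self.unprotected:
            return ("pass", uri)
        if TOKEN_PARAM not in session:
            # New session: create the token, then send the user to the
            # configured page. The redirect itself carries no token.
            session[TOKEN_PARAM] = secrets.token_hex(16)
            return ("redirect", self.new_token_redirect_page)
        supplied = params.get(TOKEN_PARAM, "")
        if not secrets.compare_digest(supplied, session[TOKEN_PARAM]):
            raise CSRFException(f"missing or wrong token for {uri}")
        return ("pass", uri)


def first_visit(model, uri):
    """Follow one browser visit with a fresh session; return the hops taken."""
    session, hops = {}, []
    action, target = model.handle(session, uri, {})
    hops.append((action, target))
    if action == "redirect":
        try:
            hops.append(model.handle(session, target, {}))  # no token in params
        except CSRFException:
            hops.append(("CSRFException", target))
    return hops


if __name__ == "__main__":
    # Login page protected and used as the redirect target: second hop fails.
    print(first_visit(TokenFilterModel("/login"), "/login"))
    # Login page listed as unprotected: the redirect lands cleanly.
    print(first_visit(TokenFilterModel("/login", unprotected=["/login"]), "/home"))
```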