[Owasp-csrfguard] CSRF Guard issue
sumitgupta27 at gmail.com
Tue Dec 14 09:17:26 EST 2010
I am not sure but there is problem with csrfGuard.properties file instead of
we have to use
to use different handler otherwise it always use DefaultHandler.
Please correct me if this a wrong configuration and even after making that
deformed.Is this a know issue or my configuration is not correct.
On Mon, Dec 6, 2010 at 10:00 PM, eric sheridan <eric.sheridan at owasp.org>wrote:
> Ensure you define a value for the org.owasp.csrfguard.NewTokenRedirectPage
> property. This is the page the user is redirected to after the CSRF token is
> created. You can probably set this property to the URI of your login page.
> Note that you'll still get CSRFException errors if your login page is also
> protected by CSRFGuard as the redirect to the NewTokenRedirectPage will not
> contain the CSRF parameter. Either redirect to another unprotected landing
> page or do not protect the login page, either by not mapping the filter to
> its uri or adding the login uri as an unprotected page in
> On Mon, Dec 6, 2010 at 2:48 AM, sumit gupta <sumitgupta27 at gmail.com>wrote:
>> I am trying to configure it for my project but facing issues in
>> configuring it.Please see my attached csrfguard.properties file and
>> already entered correct mappings in web.xml and included the required
>> csrfguard.jar but when i send first login request to my application its
>> getting blanked and mutable http response have no parameter of
>> CSRFtoken.Please help.
>> Owasp-csrfguard mailing list
>> Owasp-csrfguard at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-csrfguard