[Owasp-csrfguard] CSRF Guard issue

sumit gupta sumitgupta27 at gmail.com
Tue Dec 14 09:17:26 EST 2010


Hi Eric,

I am not sure, but there is a problem with the csrfGuard.properties file:
instead of using
org.owasp.csrfguard.handler.JavaScriptHandler=org.owasp.csrfguard.handlers.JavaScriptHandler

we have to use
org.owasp.csrfguard.ResponseHandler=org.owasp.csrfguard.handlers.JavaScriptHandler
to use a different handler; otherwise it always uses DefaultHandler.

Please correct me if this is a wrong configuration. Even after making that
change, I am able to use JavaScriptHandler, but my HTML pages are getting
deformed. Is this a known issue, or is my configuration not correct?

Thanks
Sumit


On Mon, Dec 6, 2010 at 10:00 PM, eric sheridan <eric.sheridan at owasp.org> wrote:

> Ensure you define a value for the org.owasp.csrfguard.NewTokenRedirectPage
> property. This is the page the user is redirected to after the CSRF token is
> created. You can probably set this property to the URI of your login page.
> Note that you'll still get CSRFException errors if your login page is also
> protected by CSRFGuard as the redirect to the NewTokenRedirectPage will not
> contain the CSRF parameter. Either redirect to another unprotected landing
> page or do not protect the login page, either by not mapping the filter to
> its uri or adding the login uri as an unprotected page in
> csrfguard.properties.
>
> -Eric
>
> On Mon, Dec 6, 2010 at 2:48 AM, sumit gupta <sumitgupta27 at gmail.com> wrote:
>
>> Hi,
>>
>> I am trying to configure it for my project but am facing issues in
>> configuring it. Please see my attached csrfguard.properties file. I have
>> already entered the correct mappings in web.xml and included the required
>> csrfguard.jar, but when I send the first login request to my application it
>> is getting blanked and the mutable HTTP response has no CSRFtoken
>> parameter. Please help.
>>
>> Thanks
>> Sumit
>>