[Owasp-csrfguard] CSRF Guard issue

sumit gupta sumitgupta27 at gmail.com
Wed Dec 15 08:10:17 EST 2010


Can anybody help?

Thanks
Sumit

On Tue, Dec 14, 2010 at 7:47 PM, sumit gupta <sumitgupta27 at gmail.com> wrote:

> Hi Eric,
>
> I am not sure, but there is a problem with the csrfGuard.properties file. Instead
> of using
>
> org.owasp.csrfguard.handler.JavaScriptHandler=org.owasp.csrfguard.handlers.JavaScriptHandler
>
> we have to use
>
> org.owasp.csrfguard.ResponseHandler=org.owasp.csrfguard.handlers.JavaScriptHandler
> to use a different handler; otherwise it always uses DefaultHandler.
>
> Please correct me if this is a wrong configuration. Even after making that
> change I am able to use JavaScriptHandler, but my HTML pages are getting
> deformed. Is this a known issue, or is my configuration not correct?
>
> Thanks
> Sumit
>
>
> On Mon, Dec 6, 2010 at 10:00 PM, eric sheridan <eric.sheridan at owasp.org> wrote:
>
>> Ensure you define a value for the org.owasp.csrfguard.NewTokenRedirectPage
>> property. This is the page the user is redirected to after the CSRF token is
>> created. You can probably set this property to the URI of your login page.
>> Note that you'll still get CSRFException errors if your login page is also
>> protected by CSRFGuard as the redirect to the NewTokenRedirectPage will not
>> contain the CSRF parameter. Either redirect to another unprotected landing
>> page or do not protect the login page, either by not mapping the filter to
>> its uri or adding the login uri as an unprotected page in
>> csrfguard.properties.
>>
>> -Eric
>>
>> On Mon, Dec 6, 2010 at 2:48 AM, sumit gupta <sumitgupta27 at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I am trying to configure it for my project but am facing issues in
>>> configuring it. Please see my attached csrfguard.properties file. I have
>>> already entered the correct mappings in web.xml and included the required
>>> csrfguard.jar, but when I send the first login request to my application it is
>>> getting blanked and the mutable HTTP response has no parameter of
>>> CSRFtoken. Please help.
>>>
>>> Thanks
>>> Sumit