[Owasp-csrfguard] CSRF Guard issue
sumitgupta27 at gmail.com
Wed Dec 15 08:10:17 EST 2010
Can anybody helps.
On Tue, Dec 14, 2010 at 7:47 PM, sumit gupta <sumitgupta27 at gmail.com> wrote:
> HI Eric,
> I am not sure but there is problem with csrfGuard.properties file instead
> of using
> we have to use
> to use different handler otherwise it always use DefaultHandler.
> Please correct me if this a wrong configuration and even after making that
> deformed.Is this a know issue or my configuration is not correct.
> On Mon, Dec 6, 2010 at 10:00 PM, eric sheridan <eric.sheridan at owasp.org>wrote:
>> Ensure you define a value for the org.owasp.csrfguard.NewTokenRedirectPage
>> property. This is the page the user is redirected to after the CSRF token is
>> created. You can probably set this property to the URI of your login page.
>> Note that you'll still get CSRFException errors if your login page is also
>> protected by CSRFGuard as the redirect to the NewTokenRedirectPage will not
>> contain the CSRF parameter. Either redirect to another unprotected landing
>> page or do not protect the login page, either by not mapping the filter to
>> its uri or adding the login uri as an unprotected page in
>> On Mon, Dec 6, 2010 at 2:48 AM, sumit gupta <sumitgupta27 at gmail.com>wrote:
>>> I am trying to configure it for my project but facing issues in
>>> configuring it.Please see my attached csrfguard.properties file and
>>> already entered correct mappings in web.xml and included the required
>>> csrfguard.jar but when i send first login request to my application its
>>> getting blanked and mutable http response have no parameter of
>>> CSRFtoken.Please help.
>>> Owasp-csrfguard mailing list
>>> Owasp-csrfguard at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-csrfguard