[Owasp-csrfguard] CSRF Guard issue

sumit gupta sumitgupta27 at gmail.com
Wed Dec 15 08:10:17 EST 2010

Can anybody helps.


On Tue, Dec 14, 2010 at 7:47 PM, sumit gupta <sumitgupta27 at gmail.com> wrote:

> HI Eric,
> I am not sure but there is problem with csrfGuard.properties file instead
> of using
> org.owasp.csrfguard.handler.JavaScriptHandler=org.owasp.csrfguard.handlers.JavaScriptHandler
> we have to use
> org.owasp.csrfguard.ResponseHandler=org.owasp.csrfguard.handlers.JavaScriptHandler
> to use different handler otherwise it always use DefaultHandler.
> Please correct me if this a wrong configuration and even after making that
> change i am able to use JavaScriptHandler but my html pages getting
> deformed.Is this a know issue or my configuration is not correct.
> Thanks
> Sumit
> On Mon, Dec 6, 2010 at 10:00 PM, eric sheridan <eric.sheridan at owasp.org>wrote:
>> Ensure you define a value for the org.owasp.csrfguard.NewTokenRedirectPage
>> property. This is the page the user is redirected to after the CSRF token is
>> created. You can probably set this property to the URI of your login page.
>> Note that you'll still get CSRFException errors if your login page is also
>> protected by CSRFGuard as the redirect to the NewTokenRedirectPage will not
>> contain the CSRF parameter. Either redirect to another unprotected landing
>> page or do not protect the login page, either by not mapping the filter to
>> its uri or adding the login uri as an unprotected page in
>> csrfguard.properties.
>> -Eric
>> On Mon, Dec 6, 2010 at 2:48 AM, sumit gupta <sumitgupta27 at gmail.com>wrote:
>>> Hi,
>>> I am trying to configure it for my project but facing issues in
>>> configuring it.Please see my attached csrfguard.properties file and
>>> already entered correct mappings in web.xml and included the required
>>> csrfguard.jar but when i send first login request to my application its
>>> getting blanked and mutable http response have no parameter of
>>> CSRFtoken.Please help.
>>> Thanks
>>> Sumit
>>> _______________________________________________
>>> Owasp-csrfguard mailing list
>>> Owasp-csrfguard at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-csrfguard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20101215/8a5e127c/attachment.html 

More information about the Owasp-csrfguard mailing list