[Owasp-csrfguard] Cant Get Forms Working

Patrick Radtke pradtke at stanford.edu
Mon Aug 1 10:55:45 EDT 2011


On 8/1/11 7:28 AM, Nirav wrote:
> Hello!
>
> Thanks for your suggestion below. I did further prod into the HTML 
> source and need some help understanding how the form submission works. 
> As you can see from the attached screenshot, there is a hidden field 
> that gets inserted into the HTML, it just doesn't get used. Where 
> should I be looking for the code that actually makes the form submit 
> with the hidden field?
Hi Nirav,

CSRF Guard doesn't currently support

enctype="multipart/form-data"
https://lists.owasp.org/pipermail/owasp-csrfguard/2011-February/000045.html

If you look back a few commits in github, you can see Eric had started 
working on a
fix. I don't know how much work is left to do on it.

-Patrick


More information about the Owasp-csrfguard mailing list