[Owasp-csrfguard] Cant Get Forms Working

Nirav nirav.shah83 at gmail.com
Mon Aug 1 11:20:14 EDT 2011


Thanks Patrick ! That make's sense.
I will in that case look at going around that issue and try and implement
something of my own. Cause I can see the actual token being sent through as
part of the form data - the CSRFGuardFilter gets confused cause it cant find
it on the URI.

But this is very helpful information. Thanks Much!



On Mon, Aug 1, 2011 at 3:55 PM, Patrick Radtke <pradtke at stanford.edu> wrote:

> On 8/1/11 7:28 AM, Nirav wrote:
>
>> Hello!
>>
>> Thanks for your suggestion below. I did further prod into the HTML source
>> and need some help understanding how the form submission works. As you can
>> see from the attached screenshot, there is a hidden field that gets inserted
>> into the HTML, it just doesn't get used. Where should I be looking for the
>> code that actually makes the form submit with the hidden field?
>>
> Hi Nirav,
>
> CSRF Guard doesn't currently support
>
> enctype="multipart/form-data"
> https://lists.owasp.org/**pipermail/owasp-csrfguard/**
> 2011-February/000045.html<https://lists.owasp.org/pipermail/owasp-csrfguard/2011-February/000045.html>
>
> If you look back a few commits in github, you can see Eric had started
> working on a
> fix. I don't know how much work is left to do on it.
>
> -Patrick
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20110801/88905e8a/attachment.html 


More information about the Owasp-csrfguard mailing list