[Owasp-csrfguard] The meaning of NewTokenLandingPage
pradtke at stanford.edu
Thu Jul 14 13:27:54 EDT 2011
On 7/14/11 3:44 AM, Anders Båtstrand wrote:
> I am trying to use CSRFGuard in an application, but I am having some
> troubles. First, let me start with a question about NewTokenLandingPage.
> If I read the source code correct, the NewTokenLandingPage is written
> to the response if session.isNew(), even if you visit an unprotected
I thought the CsrfGuardFilter would only get invoked if the page matched
the URLs you defined as protected in the web.xml
> I do not see the purpose of this, as the page does not require a
> token. Is there someone that would like to elaborate on the meaning of
> the NewTokenLandingPage?
I have never used it.
> PS: Is there any plans for migrating the project to Maven, and using
> automatic testing? I would be very happy to help in that matter.
I would also be happy to help with such an effort.
More information about the Owasp-csrfguard