[Owasp-csrfguard] Cant Get Forms Working

Nirav nirav.shah83 at gmail.com
Fri Jul 29 11:59:06 EDT 2011


Hi Patrick,

Thanks for replying. We are using the Javascript DOM Manipulation. The
application POSTs to a URL without the token.
The token's included in the Referer header. A firebug snapshot attached.

Thanks!
Nirav



On Fri, Jul 29, 2011 at 4:45 PM, Patrick Radtke <pradtke at stanford.edu>wrote:

>  On 7/29/11 7:29 AM, Nirav wrote:
>
> Hello All !
>
> I just got the latest version of the CSRFGuard from github and built it and
> deployed it on our application on Glassfish 2.1. We use Stripes as our MVC.
> Most parts of the app seem to be working fine and I see the token being
> injected where it should be. But I cant get any of the forms to work. The
> POST in firebug shows the token being sent. But when its intercepted by the
> CSRFGuardFilter - it does not find it. I debugged further and found that
> there were no request parameters at all in my HTTPRequest !
>
> Any idea what the weirdness is? We have been at it for two days now ! :(
>
> Regards!
> Nirav
>
>  Are you posting with the token as a form parameter, or are you posting to
> URL that contains the token?
> We post to a url that contains the token and that works fine.
> Are you using the JavaScript library or the JSTL tags?
>
> -Patrick
>
>
>
> _______________________________________________
> Owasp-csrfguard mailing list
> Owasp-csrfguard at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-csrfguard
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20110729/d4b02524/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PostHeader.JPG
Type: image/jpeg
Size: 120772 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20110729/d4b02524/attachment-0001.jpe 


More information about the Owasp-csrfguard mailing list