[Owasp-csrfguard] Can't Get Forms Working
pradtke at stanford.edu
Sat Jul 30 16:56:10 EDT 2011
On 7/29/11 8:59 AM, Nirav wrote:
> Hi Patrick,
> application POSTs to a URL without the token.
> The token's included in the Referer header. A firebug snapshot attached.
The token should be added as a hidden form field. The referer header
just shows which page you were posting from; in
your case you are posting from a page that had a token in the URL.
added as a hidden form field.
> On Fri, Jul 29, 2011 at 4:45 PM, Patrick Radtke <pradtke at stanford.edu
> <mailto:pradtke at stanford.edu>> wrote:
> On 7/29/11 7:29 AM, Nirav wrote:
>> Hello All !
>> I just got the latest version of the CSRFGuard from github and
>> built it and deployed it on our application on Glassfish 2.1. We
>> use Stripes as our MVC. Most parts of the app seem to be working
>> fine and I see the token being injected where it should be. But I
>> can't get any of the forms to work. The POST in firebug shows the
>> token being sent. But when it's intercepted by the CSRFGuardFilter
>> - it does not find it. I debugged further and found that there
>> were no request parameters at all in my HTTPRequest !
>> Any idea what the weirdness is? We have been at it for two days
>> now ! :(
> Are you posting with the token as a form parameter, or are you
> posting to a URL that contains the token?
> We post to a url that contains the token and that works fine.
> Owasp-csrfguard mailing list
> Owasp-csrfguard at lists.owasp.org
> <mailto:Owasp-csrfguard at lists.owasp.org>
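An added example, not part of the original thread or of the CSRFGuard project: a small check over a captured POST that reports whether the token was actually submitted (in the request URL or as a form field) or is only visible in the Referer header, which is the distinction drawn in the reply above. The parameter name `OWASP_CSRFTOKEN` is assumed here (substitute the name your CSRFGuard configuration sets), and the host, paths and token value are constructed sample data.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed token parameter name; use the one set in your CSRFGuard configuration.
TOKEN_NAME = "OWASP_CSRFTOKEN"


def token_locations(raw_request: bytes, token_name: str = TOKEN_NAME) -> dict:
    """Report where the CSRF token appears in one captured HTTP request."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    def has_token(query: str) -> bool:
        return token_name in parse_qs(query, keep_blank_values=True)

    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    in_body = (ctype == "application/x-www-form-urlencoded"
               and has_token(body.decode("iso-8859-1")))
    return {
        "url": has_token(urlsplit(target).query),    # posted to a URL carrying the token
        "body": in_body,                             # hidden form field
        "referer": has_token(urlsplit(headers.get("referer", "")).query),
    }


def submitted(raw_request: bytes) -> bool:
    """True only if the token is a request parameter; the Referer does not count."""
    loc = token_locations(raw_request)
    return loc["url"] or loc["body"]


def _sample(body: bytes) -> bytes:
    # Constructed request: the form page's URL (and so the Referer) carries a token.
    return (b"POST /app/Save.action HTTP/1.1\r\n"
            b"Host: app.example\r\n"
            b"Referer: http://app.example/app/Edit.action?OWASP_CSRFTOKEN=TESTTOKEN\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n\r\n" + body)


REFERER_ONLY = _sample(b"name=alice")
HIDDEN_FIELD = _sample(b"name=alice&OWASP_CSRFTOKEN=TESTTOKEN")

if __name__ == "__main__":
    for label, req in (("referer only", REFERER_ONLY), ("hidden field", HIDDEN_FIELD)):
        print(label, token_locations(req), "submitted:", submitted(req))
```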