[Owasp-csrfguard] csfrguard doesn't seem to work with my frames

Sam Theman xray316 at hotmail.com
Fri Oct 28 12:23:39 EDT 2011


Hello,
PLEASE HELP!
I have CSRFGuard working for my application, EXCEPT if I use frames. 
See the below sequence. I have an iframe in the frames.jsp, but it says it is missing the token... see below code also... can anyone help????
[Fri Oct 28 12:20:35 EDT 2011] [Info] CsrfGuard analyzing request /crs/frames.jsp
[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/JavaScriptServlet
[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/HelloServlet (in my iframe)
[Fri Oct 28 12:20:38 EDT 2011] [Error] potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:129.6.84.222, uri:/crs/HelloServlet, error:required token is missing from the request)
[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/error.html
[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/HelloServlet
[Fri Oct 28 12:20:38 EDT 2011] [Error] potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:129.6.84.222, uri:/crs/HelloServlet, error:request token does not match session token)
[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/error.html


frames.jsp ::::
<html>
<head>
        <title>Main screen</title>
</head>
<script src="/crs/JavaScriptServlet"></script>
<iframe src="/crs/HelloServlet"></iframe>
</html>
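
Added example, not part of the original post and not CSRFGuard code: a Python triage script that splits a run-together CSRFGuard log in the format shown above into entries and lists, per URI, the reasons requests were rejected in order. The sample log is constructed in the post's format (the IP is a documentation address) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the post's log format, run together on one line the
# way a mail archive or log shipper may deliver it. 192.0.2.10 is a
# documentation address, not a value from the post.
SAMPLE = (
    "[Fri Oct 28 12:20:35 EDT 2011] [Info] CsrfGuard analyzing request /crs/frames.jsp"
    "[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/JavaScriptServlet"
    "[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/HelloServlet"
    "[Fri Oct 28 12:20:38 EDT 2011] [Error] potential cross-site request forgery (CSRF) attack thwarted "
    "(user:<anonymous>, ip:192.0.2.10, uri:/crs/HelloServlet, error:required token is missing from the request)"
    "[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/error.html"
    "[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/HelloServlet"
    "[Fri Oct 28 12:20:38 EDT 2011] [Error] potential cross-site request forgery (CSRF) attack thwarted "
    "(user:<anonymous>, ip:192.0.2.10, uri:/crs/HelloServlet, error:request token does not match session token)"
    "[Fri Oct 28 12:20:38 EDT 2011] [Info] CsrfGuard analyzing request /crs/error.html"
)

# "[timestamp] [Level] " marks the start of every entry.
ENTRY = re.compile(r"\[([^\]]+)\] \[(\w+)\] ")
# Detail block CSRFGuard appends to a rejected request.
BLOCKED = re.compile(
    r"\(user:(?P<user>.*?), ip:(?P<ip>[^,]+), uri:(?P<uri>[^,]+), error:(?P<error>.*)\)$"
)
ANALYZING = "CsrfGuard analyzing request "

def split_entries(text):
    """Yield (timestamp, level, message), even when entries share one line."""
    marks = list(ENTRY.finditer(text))
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        yield cur.group(1), cur.group(2), text[cur.end():end].strip()

def requests_seen(text):
    """Return the request URIs CSRFGuard analyzed, in order."""
    return [msg[len(ANALYZING):] for _ts, _lvl, msg in split_entries(text)
            if msg.startswith(ANALYZING)]

def blocked_by_uri(text):
    """Map each rejected URI to its rejection reasons, in log order."""
    reasons = defaultdict(list)
    for _ts, level, msg in split_entries(text):
        match = BLOCKED.search(msg)
        if level == "Error" and match:
            reasons[match["uri"]].append(match["error"])
    return dict(reasons)

if __name__ == "__main__":
    for uri, errors in blocked_by_uri(SAMPLE).items():
        print(uri, "->", errors)
```
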
 		 	   		  