[Owasp-csrfguard] How to exclude css anf jpeg file from csrf token?

ashish kumar Gautam gautamashishkumar at gmail.com
Tue Jan 3 09:06:40 UTC 2012


Dear All,


I am able to config CSRF Guard in our project and project is working well.

But Problem is that  CSRF Guard enforce to send a csrf token during call to
the CSS file and JPEG file.
How it is possible to exclude the ccs and jpeg file?


*Console:-*
[Tue Jan 03 14:24:13 IST 2012] [Info] CsrfGuard analyzing request
/csrfguardfixed/
[Tue Jan 03 14:24:13 IST 2012] [Info] CsrfGuard analyzing request
/csrfguardfixed/index.jsp
[Tue Jan 03 14:24:13 IST 2012] [Info] CsrfGuard analyzing request
/csrfguardfixed/style.css
[Tue Jan 03 14:24:13 IST 2012] [Info] CsrfGuard analyzing request
/csrfguardfixed/images/quote_top.jpg
[Tue Jan 03 14:24:13 IST 2012] [Info] CsrfGuard analyzing request
/csrfguardfixed/images/body_bg.jpg
[Tue Jan 03 14:24:13 IST 2012] [Info] CsrfGuard analyzing request
/csrfguardfixed/images/header_selected.jpg
[Tue Jan 03 14:24:13 IST 2012] [Info] CsrfGuard analyzing request
/csrfguardfixed/images/logo.jpg
[Tue Jan 03 14:24:13 IST 2012] [Info] CsrfGuard analyzing request
/csrfguardfixed/images/quote_bottom.jpg
[Tue Jan 03 14:24:13 IST 2012] [Error] potential cross-site request forgery
(CSRF) attack thwarted (user:<anonymous>, ip:10.1.10.129,
uri:/csrfguardfixed/images/body_bg.jpg, error:required token is missing
from the request)
[Tue Jan 03 14:24:13 IST 2012] [Error] potential cross-site request forgery
(CSRF) attack thwarted (user:<anonymous>, ip:10.1.10.129,
uri:/csrfguardfixed/images/quote_top.jpg, error:required token is missing
from the request)
[Tue Jan 03 14:24:13 IST 2012] [Error] potential cross-site request forgery
(CSRF) attack thwarted (user:<anonymous>, ip:10.1.10.129,
uri:/csrfguardfixed/images/quote_bottom.jpg, error:required token is
missing from the request)
[Tue Jan 03 14:24:13 IST 2012] [Error] potential cross-site request forgery
(CSRF) attack thwarted (user:<anonymous>, ip:10.1.10.129,
uri:/csrfguardfixed/images/header_selected.jpg, error:required token is
missing from the request)
[Tue Jan 03 14:24:13 IST 2012] [Error] potential cross-site request forgery
(CSRF) attack thwarted (user:<anonymous>, ip:10.1.10.129,
uri:/csrfguardfixed/images/logo.jpg, error:required token is missing from
the request)
[Tue Jan 03 14:24:13 IST 2012] [Info] CsrfGuard analyzing request
/csrfguardfixed/error.jsp



-- 
Best regards,
Ashish K. Gautam
NIC, Delhi INDIA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20120103/bf9f5f04/attachment.html>


More information about the Owasp-csrfguard mailing list