[Owasp-csrfguard] Owasp-csrfguard Digest, Vol 19, Issue 3

ashish kumar Gautam gautamashishkumar at gmail.com
Thu Jan 12 12:24:28 UTC 2012


Hi  Cecile ,

I think you needs to send a token from client side.
Follow the following Rules

1- You needs to send a token from client side if you are using JavaScript
to inject a Token.
But if not work you needs to check your JavaScript file .


2- You can inject the token using JSP tag.






On Thu, Jan 12, 2012 at 5:30 PM, <owasp-csrfguard-request at lists.owasp.org>wrote:

> Send Owasp-csrfguard mailing list submissions to
>        owasp-csrfguard at lists.owasp.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.owasp.org/mailman/listinfo/owasp-csrfguard
> or, via email, send a message with subject or body 'help' to
>        owasp-csrfguard-request at lists.owasp.org
>
> You can reach the person managing the list at
>        owasp-csrfguard-owner at lists.owasp.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Owasp-csrfguard digest..."
>
>
> Today's Topics:
>
>   1. [Error] potential cross-site request forgery      (CSRF) attack
>      thwarted (cecile forella)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 12 Jan 2012 10:32:27 +0000
> From: cecile forella <forellacecile at hotmail.fr>
> To: <owasp-csrfguard at lists.owasp.org>
> Subject: [Owasp-csrfguard] [Error] potential cross-site request
>        forgery (CSRF) attack thwarted
> Message-ID: <SNT120-W46CABA1C6624544D5BA417C09F0 at phx.gbl>
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> Hello,
>
> I've followed the whole installation instruction of csrfguard. I've used
> the javascript solution and included the script in my pages but I always
> have the error :
>
> [Error] potential cross-site request forgery (CSRF) attack thwarted
>
> when I try to go to one of the pages.
>
> What can I do?
>
> Thanks in advance for your help
>
> Cecile
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20120112/149598e8/attachment-0001.html
> >
>
> ------------------------------
>
> _______________________________________________
> Owasp-csrfguard mailing list
> Owasp-csrfguard at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-csrfguard
>
>
> End of Owasp-csrfguard Digest, Vol 19, Issue 3
> **********************************************
>



-- 
Best regards,
Ashish K. Gautam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20120112/4e3912d0/attachment.html>


More information about the Owasp-csrfguard mailing list