[Owasp-csrfguard] Token landing page issue when accessing application URL

Krishnan, Radhika Radhika.Krishnan at uth.tmc.edu
Fri Jul 27 13:20:07 UTC 2012

Has anybody implemented csrfguard for JSF application?


From: owasp-csrfguard-bounces at lists.owasp.org [mailto:owasp-csrfguard-bounces at lists.owasp.org] On Behalf Of Amol Walunjkar
Sent: Wednesday, July 25, 2012 2:13 PM
To: owasp-csrfguard at lists.owasp.org
Subject: [Owasp-csrfguard] Token landing page issue when accessing application URL


We have one requirement in our application. In this, the user of our application will receive an email which contains a hyperlink using which he can directly go to one of the functionality of the application.
We have utilized OSWAP framework for providing security against CSRF.
In the properties file we have set the "NewTokenLandingPage" property to home page our application.
Now the problem is that, when user launch the hyperlink from the email he received to access specific functionality he is always taken to the home page instead of the directed URL in the email.
In the documentation it is said that all query-string form parameters sent with the original request will be discarded. But then, if we have to implement such behavior in application which is the solution for this.

Does the current OSWAP framework for CSRF support such custom requirement ?

Please advice

Thanks in advance

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20120727/92a7ed1a/attachment.html>

More information about the Owasp-csrfguard mailing list