[Owasp-csrfguard] Why doPost(--) in JavaScriptServlet.java enforces enabling TokenPerPage?

suresh kumar koorella.suri at gmail.com
Mon Mar 5 07:13:34 UTC 2012


Hi,

Why does doPost(--) in JavaScriptServlet.java enforce enabling TokenPerPage?


Code snippet taken from the JavaScriptServlet.java file:

    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws IOException
    {
        HttpSession session = request.getSession(true);
        CsrfGuard csrfGuard =
            (CsrfGuard)session.getAttribute("Owasp_CsrfGuard_Session_Key");

        if ((csrfGuard != null) && (csrfGuard.isTokenPerPageEnabled()))
            writePageTokens(request, response);
        else
            response.sendError(404);
    }


Thanks,
Suresh