[Owasp-csrfguard] Issue with IE8
Unmesh Desale
Unmesh_Desale at symantec.com
Tue Aug 6 03:41:01 UTC 2013
Thanks so much Rajesh....
I will try this at my end and will get back to you.
Thanks,
Unmesh Desale
________________________________
Office: +91 20 40754 4823 Mobile: +91 9657725432
unmesh_desale at symantec.com
________________________________
From: Rajesh Punjabi [mailto:rajesh_punjabi at hotmail.com]
Sent: Monday, August 05, 2013 10:44 PM
To: Unmesh Desale; owasp-csrfguard at lists.owasp.org
Subject: RE: [Owasp-csrfguard] Issue with IE8
I got into the same issue and here is what I wrote earlier on a thread.
It seems when the JavaScriptServlet injects tokens to all the elements in the DOM, it also attaches the token to <script src=''> and <link href=''>.
In IE8 the browser loads all the css files and JS files twice. This seems to screw up things.
You could try setting the INJECT_ATTRIBUTES parameter to false.
Alternatively, if you think this may break some functionality you desire then in the injectTokenAttribute() method I added the following line. (more of a hack)
    // Skip token injection for .css and .js files and for the JavaScriptServlet URL
    if (location != null && isValidUrl(location)
            && !location.toLowerCase().endsWith(".css")
            && !location.toLowerCase().endsWith(".js")
            && !location.toLowerCase().endsWith("javascriptservlet")) {
        var uri = parseUri(location);
        .....................
    }
So basically for js, css files we shouldn't need to attach the CSRFTOKEN attribute.
HTH
Best,
Rajesh
________________________________
From: Unmesh_Desale at symantec.com
To: owasp-csrfguard at lists.owasp.org
Date: Mon, 5 Aug 2013 05:41:03 -0700
Subject: [Owasp-csrfguard] Issue with IE8
Hi All,
I have configured OWASP CSRFGuard for my project. It is working fine when I am browsing my site using Firefox Mozilla, but the same site does not work when I browse it through IE 8. This module is not able to inject the CSRF token for IE8.
Does this module work with (support) IE8 and higher versions? Is it cross-browser compatible?
Please suggest a solution. I am in urgent need of help.
Thanks,
Unmesh Desale
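Added example (not part of the original thread and not CSRFGuard's own code): the skip rule from Rajesh's message as a standalone function that compares only the URL path, so a stylesheet or script referenced with a query string is still skipped and an application URL whose query string happens to end in ".js" still receives its token; the posted check tests the end of the whole URL string. The function names, sample URLs and token value are assumptions made for illustration.

```javascript
// Added example, not CSRFGuard code; all names here are hypothetical.
// ES3 style (no String.prototype.endsWith, no URL API) so it also runs in IE8.
var SKIP_EXTENSIONS = ['.css', '.js'];        // static resources
var SKIP_SUFFIXES = ['javascriptservlet'];    // the servlet named in the thread

// Path part of a URL, lower-cased: fragment, query string, ";param" and
// "scheme://host" are removed before any suffix comparison.
function pathOf(url) {
  var path = String(url).split('#')[0].split('?')[0].split(';')[0];
  var m = /^(?:[a-z][a-z0-9+.\-]*:)?\/\/[^\/]*(\/.*)?$/i.exec(path);
  if (m) { path = m[1] || '/'; }
  return path.toLowerCase();
}

function hasSuffix(s, suffix) {
  return s.length >= suffix.length &&
         s.lastIndexOf(suffix) === s.length - suffix.length;
}

// true when the URL should carry the token, false for skipped resources.
function shouldInjectToken(url) {
  if (url === null || url === undefined || url === '') { return false; }
  var path = pathOf(url);
  var skip = SKIP_EXTENSIONS.concat(SKIP_SUFFIXES);
  for (var i = 0; i < skip.length; i++) {
    if (hasSuffix(path, skip[i])) { return false; }
  }
  return true;
}

// Append name=value to the query string, keeping any fragment last.
function appendToken(url, name, value) {
  if (!shouldInjectToken(url)) { return url; }
  var hashAt = url.indexOf('#');
  var base = hashAt === -1 ? url : url.substring(0, hashAt);
  var frag = hashAt === -1 ? '' : url.substring(hashAt);
  var sep = base.indexOf('?') === -1 ? '?' : '&';
  return base + sep + name + '=' + encodeURIComponent(value) + frag;
}

// Constructed sample attribute values (not taken from the thread).
var samples = ['/static/app.js?v=3', 'css/site.css', '/app/transfer.do?next=/x.js'];
for (var j = 0; j < samples.length; j++) {
  console.log(samples[j] + ' -> ' + appendToken(samples[j], 'CSRFTOKEN', 'abc123'));
}
```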