[Owasp-csrfguard] CSRFGuard IE8 compatibility

Tom Barber tom.a.barber at gmail.com
Mon Jul 8 18:20:37 UTC 2013



Upon finding a similar issue to that you detailed below previously I
stumbled across this email you sent last year. Were you able to make
progress on this? Our application has to support IE8 :(


My issue specifically is that in IE8 the tokens are not being attached to
XMLHttpRequest headers, within the override of the
XMLHttpRequest.prototype.onsend  within the js.









At the outset, I want to congratulate OWASP for its efforts in getting a

framework available for CSRF anti-tokens. This is really a plug-and-play

kind of implementation.


But then, I am facing an issue with the same while implementing the same

for IE8 browser. I get an error related to


is not an object.


Later I found that, IE8 doesnt have proper Event handling API. Please let

me know what is the way forward on this issue.




Yours sincerely,


Sridhar Vedhanabatla


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20130708/e1f99404/attachment.html>

More information about the Owasp-csrfguard mailing list