[Owasp-csrfguard] CSRFGuard IE8 compatibility

Tom Barber tom.a.barber at gmail.com
Mon Jul 8 18:20:37 UTC 2013


Hi,

 

Upon finding a similar issue to that you detailed below previously I
stumbled across this email you sent last year. Were you able to make
progress on this? Our application has to support IE8 :(

 

My issue specifically is that in IE8 the tokens are not being attached to
XMLHttpRequest headers, within the override of the
XMLHttpRequest.prototype.onsend  within the js.

 

Thanks


Tom

 

----------------------------------------------------

 

Hi,

 

At the outset, I want to congratulate OWASP for its efforts in getting a

framework available for CSRF anti-tokens. This is really a plug-and-play

kind of implementation.

 

But then, I am facing an issue with the same while implementing the same

for IE8 browser. I get an error related to

XMLHttpRequest.prototype.open

is not an object.

 

Later I found that, IE8 doesnt have proper Event handling API. Please let

me know what is the way forward on this issue.

 

 

 

Yours sincerely,

 

Sridhar Vedhanabatla

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20130708/e1f99404/attachment.html>


More information about the Owasp-csrfguard mailing list