[Owasp-csrfguard] Struts 2 integration with csrfguard.js

Naveen Reddy lovenaveen at gmail.com
Thu Mar 6 19:00:50 UTC 2014


Hi,
 Iam using Struts2 and I tried implementing the csrfguard via the dynamic
javascript, I see no errors but it doesnot seem to work. It is only working
if the token is missing. Also I see the token on the url. I see that tah
tokens are being properly generated and embedded to teh links and buttons
on the page, but when I copy the URL and paste in a different tab or window
and clcik enter I see the results. Am I not supposed to see that its a CSRF
attack? Also how different is the CSRF framework inbuilt in Struts2 to
the csrfguard?  Your feed back will be appreciated.

Thanks,
Naveen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20140306/33f672f3/attachment.html>


More information about the Owasp-csrfguard mailing list