[Owasp-csrfguard] Struts 2 integration with csrfguard.js
lovenaveen at gmail.com
Thu Mar 6 19:00:50 UTC 2014
Iam using Struts2 and I tried implementing the csrfguard via the dynamic
if the token is missing. Also I see the token on the url. I see that tah
tokens are being properly generated and embedded to teh links and buttons
on the page, but when I copy the URL and paste in a different tab or window
and clcik enter I see the results. Am I not supposed to see that its a CSRF
attack? Also how different is the CSRF framework inbuilt in Struts2 to
the csrfguard? Your feed back will be appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-csrfguard