[Owasp-csrfguard] CSRF implementation for hyperlink with <sj:a>

Hafe regee hafi.reg at gmail.com
Tue Feb 9 20:21:24 UTC 2016


We are planning to implement CSRFGuard in our application. Though we are
able to set the CSRF token for FORM submits, we see an issue in implementing for

There are 2 issues we are currently facing.

1 - We are using <sj:a> tags for defining the links. CSRFGuard suggests
using the <csrf:a> tags, but <csrf:a> tags are not a replacement for <sj:a>,
as some of the components like targets are not available with the CSRF anchor
tag. We tried <s:token> options and passing the token as a param in the <s:url>
tag, but redirecting to the result page fails due to new tokens being generated. In
this case, on click of the link the page is getting refreshed throwing the

"Form has already been processed or no token supplied. Please try again".

2 - On click of the hyperlink, a popup opens. Here we are trying to append the
tokens to the URL, but the CSRF token is getting exposed/displayed in the URL.