[Owasp-csrfguard] CSRF implementation for hyperlink with <sj:a>
hafi.reg at gmail.com
Tue Feb 9 20:21:24 UTC 2016
We are planning to implement CSRFGuard in our application. Though we are
able to set the CSRF token for FORM submits, we see an issue in implementing for
There are 2 issues we are currently facing.
1 - We are using <sj:a> tags for defining the links. CSRFGuard suggests
using the <csrf:a> tags, but <csrf:a> tags are not a replacement for <sj:a>
as some of the components like targets are not available with the CSRF anchor
tag. We tried the <s:token> options and passing the token as a param in the <s:url>
tag, but redirecting to the result page fails due to new tokens being generated. In
this case, on click of the link the page is getting refreshed, throwing
"Form has already been processed or no token supplied. Please try again".
2 - On click of the hyperlink, a popup opens. Here we are trying to append the
tokens to the URL, but the CSRF token is getting exposed/displayed in the URL.