[Owasp-csrfguard] CSRF Security Fix to OWASP 3.0

Sriram Krishnan causalbody at gmail.com
Fri Oct 20 17:41:20 UTC 2017


Hi,
The OWASP 3.1.0 readme mentions an important security fix:
"Instead of hard coding the CSRF token, we send a POST request to fetch the
token and populate the JS variable."

I'm looking for some background on the security fix. Could someone please
point me to a bug tracker link or other documentation about the fix?

Thanks,
Sriram K