[Owasp-csrfguard] CSRF Security Fix to OWASP 3.0
Sriram Krishnan
causalbody at gmail.com
Fri Oct 20 17:41:20 UTC 2017
Hi,
The OWASP 3.1.0 readme mentions an important security fix.
"Instead of hard coding the CSRF token, we send a POST request to fetch the
token and populate the JS variable."
I'm looking for some background on the security fix. Could someone please
point me to a bug tracker link or other documentation about the fix?
Thanks,
Sriram K