[Owasp-csrfguard] CSRF Security Fix to OWASP 3.0
causalbody at gmail.com
Fri Oct 20 17:41:20 UTC 2017
The OWASP 3.1.0 readme mentions an important security fix.
"Instead of hard coding the CSRF token, we send a POST request to fetch the
token and populate the JS variable."
I'm looking for some background on the security fix. Could someone please
point me to a bug tracker link or other documentation about the fix?