[Owasp-csrfguard] CSRF Security Fix to OWASP 3.0

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,
The OWASP 3.1.0 readme mentions about an important security fix.
"Instead of hard coding the CSRF token, we send a POST request to fetch the
token and populate the JS variable."

I'm looking for some background on the security fix. Could someone please
point me to a bug tracker link or other documentation about the fix?

Thanks,
Sriram K
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20171020/d1effb59/attachment.html>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]