<p>As I mentioned before I found that csrfguard does not work correctly with ie8 when it comes to ajax requests.  <br>
Thanks<br>
Tom</p>
<div class="gmail_quote">On Aug 6, 2013 9:44 AM, "Unmesh Desale" <<a href="mailto:Unmesh_Desale@symantec.com">Unmesh_Desale@symantec.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Yes it is the injection of tokens into links etc… not getting any error for ajax request. I am not able to see any CSRF token in IE8.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Thanks,<u></u><u></u></span></b></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Unmesh Desale<br></span></b><b><u><span lang="EN" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:gray">________________________________</span></u></b><b><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></b></p>
<p class="MsoNormal"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> <u></u><u></u></span></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Office:</span></b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> +91 20 40754 4823  <b>Mobile: </b><a href="tel:%2B91%209657725432" value="+919657725432" target="_blank">+91 9657725432</a><b>  <u><br>
</u><a href="mailto:unmesh_desale@symantec.com" target="_blank">unmesh_desale@symantec.com</a></b></span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"><br></span><b><u><span lang="EN" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:gray">________________________________</span></u></b><b><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Tom Barber [mailto:<a href="mailto:tom.a.barber@gmail.com" target="_blank">tom.a.barber@gmail.com</a>] <br>
<b>Sent:</b> Tuesday, August 06, 2013 1:57 PM<br><b>To:</b> Unmesh Desale<br><b>Cc:</b> <a href="mailto:owasp-csrfguard@lists.owasp.org" target="_blank">owasp-csrfguard@lists.owasp.org</a>; Rajesh Punjabi<br><b>Subject:</b> Re: [Owasp-csrfguard] Issue with IE8<u></u><u></u></span></p>
</div><p class="MsoNormal"><u></u> <u></u></p><p>Is it the injection of tokens into links etc or ajax requests that is failing? I found that xmlhttprequest injection doesn't work in <ie9<u></u><u></u></p><div><p class="MsoNormal">
On Aug 6, 2013 6:34 AM, "Unmesh Desale" <<a href="mailto:Unmesh_Desale@symantec.com" target="_blank">Unmesh_Desale@symantec.com</a>> wrote:<u></u><u></u></p><div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi Rajesh,</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Tried the below solution but it is still not able to inject the token. Whenever I am placing one alert message in that function then I am able to see CRSF token in resulting html (IE8).</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";background:silver">element</span><span style="font-size:10.0pt;font-family:"Courier New"">.setAttribute(attr, location);</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#3f7f5f">alert('token injected:' + value);</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#3f7f5f"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Below are my settings for servelet in web.xml;</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><u><span style="font-size:10.0pt;font-family:"Courier New""><servlet></span></u><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            <servlet-name>JavaScriptServlet</servlet-name></span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class></span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            <init-<u>param</u>></span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">                  <param-name>source-file</param-name></span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-value>WEB-INF/Owasp.CsrfGuard.js</param-value></span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            </init-<u>param</u>></span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">            <init-<u>param</u>></span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-name>inject-into-forms</param-name></span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-value>true</param-value></span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">            </init-<u>param</u>></span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            <init-<u>param</u>></span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-name>inject-into-attributes</param-name></span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">                  <param-value>true</param-value></span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            </init-<u>param</u>></span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            <init-<u>param</u>></span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">                  <param-name>domain-strict</param-name></span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-value>true</param-value></span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            </init-<u>param</u>></span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">            <init-<u>param</u>></span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-name><u>referer</u>-pattern</param-name></span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-value>.*<u>localhost</u>:8080.*</param-value></span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            </init-<u>param</u>>           </span><u></u><u></u></p><p class="MsoNormal"><u><span style="font-size:10.0pt;font-family:"Courier New""></servlet></span></u><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Below are settings for CSRF Guard Properties:</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.ConsoleLogger</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.TokenPerPage=true</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.TokenPerPagePrecreate=false</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.Ajax=true</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.Default=/appliance</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.JavaScriptServlet=/appliance/JavaScriptServlet</span><u></u><u></u></p><p class="MsoNormal">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.JavaScript=*.js</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.css=*.css</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.html=*.html</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.png=*.png</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.jpg=*.jpg</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.ico=*.ico</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.gif=*.gif</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.Tag=/tag.jsp</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.jsp=*.jsp</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.Error=/appliance/error.html</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.Patch=/appliance/<a href="http://manage.appliance.patch.details.do" target="_blank">manage.appliance.patch.details.do</a></span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.SecurityEdit=/appliance/<a href="http://settings.appreconfig.security.edit.do" target="_blank">settings.appreconfig.security.edit.do</a></span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.launchInitConfig=/appliance/<a href="http://launch.configure.appliance.do" target="_blank">launch.configure.appliance.do</a></span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.action.Log.Message=potential cross-site request forgery (CSRF) attack thwarted (user:%user%, ip:%remote_ip%, uri:%request_uri%, error:%exception_message%)</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.action.Redirect=org.owasp.csrfguard.action.Redirect</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.action.Redirect.Page=/appliance/error.html</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.action.Rotate=org.owasp.csrfguard.action.Rotate</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.TokenLength=32</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.PRNG=SHA1PRNG</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<div><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Thanks,</span></b><u></u><u></u></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Unmesh Desale<br>
</span></b><b><u><span lang="EN" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:gray">________________________________</span></u></b><u></u><u></u></p><p class="MsoNormal"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Office:</span></b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> +91 20 40754 4823  <b>Mobile: </b><a href="tel:%2B91%209657725432" value="+919657725432" target="_blank">+91 9657725432</a><b>  <u><br>
</u><a href="mailto:unmesh_desale@symantec.com" target="_blank">unmesh_desale@symantec.com</a></b><br></span><b><u><span lang="EN" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:gray">________________________________</span></u></b><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p></div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Rajesh Punjabi [mailto:<a href="mailto:rajesh_punjabi@hotmail.com" target="_blank">rajesh_punjabi@hotmail.com</a>] <br>
<b>Sent:</b> Monday, August 05, 2013 10:44 PM<br><b>To:</b> Unmesh Desale; <a href="mailto:owasp-csrfguard@lists.owasp.org" target="_blank">owasp-csrfguard@lists.owasp.org</a><br><b>Subject:</b> RE: [Owasp-csrfguard] Issue with IE8</span><u></u><u></u></p>
</div></div><p class="MsoNormal"> <u></u><u></u></p><div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">I got into the same issue and here is what I wrote earlier on a thread.</span><u></u><u></u></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444"> </span><u></u><u></u></p></div><div><p class="MsoNormal" style="line-height:15.85pt">
<span style="font-family:"Calibri","sans-serif";color:#444444">It seems when the JavaScriptServlet injects tokens to all the elements in the DOM, it also attaches the token to <script src=''> and <link href=''>.</span><u></u><u></u></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">In IE8 the browser loads all the css files and JS files twice.  This seems to screw up things.</span><u></u><u></u></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">You could try to make the INJECT_ATTRIBUTES parameter as false.</span><u></u><u></u></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444"> </span><u></u><u></u></p></div><div><p class="MsoNormal" style="line-height:15.85pt">
<span style="font-family:"Calibri","sans-serif";color:#444444">Alternatively, if you think this may break some functionality you desire then in the injectTokenAttribute() method I added the following line. (more of a hack)</span><u></u><u></u></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">if(location != null && isValidUrl(location) && !location.toLowerCase().endsWith(".css") && !location.toLowerCase().endsWith(".js") && !location.toLowerCase().endsWith("javascriptservlet")) {</span><u></u><u></u></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">    var uri = parseUri(location);</span><u></u><u></u></p></div><div><p class="MsoNormal" style="line-height:15.85pt">
<span style="font-family:"Calibri","sans-serif";color:#444444">    .....................</span><u></u><u></u></p></div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">}</span><u></u><u></u></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444"> </span><u></u><u></u></p></div><div><p class="MsoNormal" style="line-height:15.85pt">
<span style="font-family:"Calibri","sans-serif";color:#444444">So basically for js, css files we shouldn't need to attach the CSRFTOKEN attribute.</span><u></u><u></u></p></div><div><p class="MsoNormal" style="line-height:15.85pt">
<span style="font-family:"Calibri","sans-serif";color:#444444"> </span><u></u><u></u></p></div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">HTH</span><u></u><u></u></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444"> </span><u></u><u></u></p></div><div><p class="MsoNormal" style="line-height:15.85pt">
<span style="font-family:"Calibri","sans-serif";color:#444444">Best,<br>Rajesh</span><u></u><u></u></p></div><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div><div class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri","sans-serif""><hr size="2" width="100%" align="center"></span></div><p class="MsoNormal" style="margin-bottom:12.0pt">
<span style="font-family:"Calibri","sans-serif"">From: <a href="mailto:Unmesh_Desale@symantec.com" target="_blank">Unmesh_Desale@symantec.com</a><br>To: <a href="mailto:owasp-csrfguard@lists.owasp.org" target="_blank">owasp-csrfguard@lists.owasp.org</a><br>
Date: Mon, 5 Aug 2013 05:41:03 -0700<br>Subject: [Owasp-csrfguard] Issue with IE8</span><u></u><u></u></p><div><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Hi All,</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">I have configured OWASP CSRFGuard for my project. It is working fine when I am browsing my site using Firefox Mozilla but same site doesn’t not work when I browse it through IE 8. This module is not able to inject CSRF token for IE8.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Is this module works (supports) IE8 and higher versions? Is it cross-browser compatible?</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Please suggest me some solution. I am in urgent need of help.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Thanks,</span></b><u></u><u></u></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Unmesh Desale<br>
</span></b><b><u><span lang="EN" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:gray">________________________________</span></u></b><u></u><u></u></p><p class="MsoNormal"><span lang="EN" style="font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Office:</span></b><span style="font-size:10.0pt;font-family:"Arial","sans-serif""> +91 20 40754 4823  <b>Mobile: </b><a href="tel:%2B91%209657725432" value="+919657725432" target="_blank">+91 9657725432</a><b>  <u><br>
</u><a href="mailto:unmesh_desale@symantec.com" target="_blank">unmesh_desale@symantec.com</a></b><span style="color:#1f497d"><br></span></span><b><u><span lang="EN" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:gray">________________________________</span></u></b><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
</div><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""><br>_______________________________________________ Owasp-csrfguard mailing list <a href="mailto:Owasp-csrfguard@lists.owasp.org" target="_blank">Owasp-csrfguard@lists.owasp.org</a> <a href="https://lists.owasp.org/mailman/listinfo/owasp-csrfguard" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-csrfguard</a></span><u></u><u></u></p>
</div></div></div></div><p class="MsoNormal" style="margin-bottom:12.0pt"><br>_______________________________________________<br>Owasp-csrfguard mailing list<br><a href="mailto:Owasp-csrfguard@lists.owasp.org" target="_blank">Owasp-csrfguard@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-csrfguard" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-csrfguard</a><u></u><u></u></p></div></div></div></blockquote></div>