Task #95

closed

Implement CSRF protection

Added by Radek Tomiška over 7 years ago. Updated over 2 years ago.

Status: Rejected
Priority: Normal
Assignee: Radek Tomiška
Category: Authentication / Authorization
Target version:
Start date: 08/16/2016
Due date:
% Done: 100%
Estimated time: 2.00 h
Owner:

Description

CSRF protection is currently disabled. We need to implement a CSRF filter on the backend and ensure the appropriate headers / params are filled in on the frontend.

Actions #1

Updated by Radek Tomiška over 7 years ago

  • Target version changed from Beryl to Citrine (7.3.0)
Actions #2

Updated by Radek Tomiška almost 7 years ago

  • Target version changed from Citrine (7.3.0) to Diamond (7.4.0)
Actions #3

Updated by Vít Švanda over 6 years ago

  • Target version changed from Diamond (7.4.0) to Emerald (7.5.0)
Actions #4

Updated by Radek Tomiška over 6 years ago

  • Target version deleted (Emerald (7.5.0))
Actions #5

Updated by Radek Tomiška over 2 years ago

  • Assignee changed from Vít Švanda to Radek Tomiška
  • Target version set to 11.2.0
  • Estimated time set to 2.00 h
Actions #6

Updated by Radek Tomiška over 2 years ago

  • Status changed from New to In Progress
Actions #7

Updated by Radek Tomiška over 2 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

We are using stateless REST => no cookies are used => CSRF protection is not required.
We are using browser localStorage to store persistent frontend settings, which can be vulnerable to XSS attacks => we are using escaping and DOMPurify (XSS sanitizer for HTML) for user inputs to prevent these types of attacks.

Actions #8

Updated by Radek Tomiška over 2 years ago

  • Status changed from Resolved to Rejected