Task #95

Implement CSRF protection

Added by Radek Tomiška about 5 years ago. Updated 2 months ago.

Status: Rejected
Priority: Normal
Category: Authentication / Authorization
Target version:
Start date: 08/16/2016
Due date:
% Done: 100%
Estimated time:
Milestones:

Description

CSRF protection is currently disabled. We need to implement a CSRF filter on the backend and ensure the appropriate headers / params are filled in on the frontend.

History

#1 Updated by Radek Tomiška almost 5 years ago

  • Target version changed from Beryl to Citrine (7.3.0)

#2 Updated by Radek Tomiška over 4 years ago

  • Target version changed from Citrine (7.3.0) to Diamond (7.4.0)

#3 Updated by Vít Švanda about 4 years ago

  • Target version changed from Diamond (7.4.0) to Emerald (7.5.0)

#4 Updated by Radek Tomiška about 4 years ago

  • Target version deleted (Emerald (7.5.0))

#5 Updated by Radek Tomiška 3 months ago

  • Assignee changed from Vít Švanda to Radek Tomiška
  • Target version set to 11.2.0

#6 Updated by Radek Tomiška 2 months ago

  • Status changed from New to In Progress

#7 Updated by Radek Tomiška 2 months ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

We are using stateless REST => no cookies are used => CSRF protection is not required.
We are using browser localStorage to store persistent frontend settings, which can be vulnerable to XSS attacks => we are using escaping and DOMPurify (an XSS sanitizer for HTML) for user inputs to prevent these types of attacks.

#8 Updated by Radek Tomiška 2 months ago

  • Status changed from Resolved to Rejected
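
Comment #7's conclusion rests on the backend never issuing or accepting cookies. As an added example (not code from this project or its authors), the following JavaScript audits recorded request/response pairs for that assumption; the exchange shape, the URLs and the `Authorization: Bearer` header are assumptions, and all sample values are constructed.

```javascript
// Added example: checks the "stateless REST, no cookies" assumption against
// recorded HTTP exchanges. Not project code; all sample data is constructed.

// Methods that must not change state; CSRF concerns the remaining ones.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Constructed sample exchanges (hypothetical URLs and token values).
const SAMPLE_EXCHANGES = [
  { method: "GET", url: "/api/items", status: 200,
    requestHeaders: { Authorization: "Bearer constructed-token" }, responseHeaders: {} },
  { method: "POST", url: "/api/items", status: 200,
    requestHeaders: { Cookie: "SESSION=constructed" }, responseHeaders: {} },
  { method: "POST", url: "/api/login", status: 200,
    requestHeaders: {}, responseHeaders: { "Set-Cookie": "SESSION=constructed; Path=/" } },
  { method: "POST", url: "/api/items", status: 401,
    requestHeaders: { Cookie: "SESSION=constructed" }, responseHeaders: {} },
];

// Case-insensitive header lookup; `name` must be given in lower case.
function header(headers, name) {
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

// Returns one finding per exchange that contradicts the assumption:
//  - response-sets-cookie: the backend hands the browser a credential that
//    it will attach automatically to later requests.
//  - write-accepted-with-cookie-only: a state-changing request succeeded with
//    a Cookie header and no Authorization header, so a cross-site request
//    carrying only the cookie would have been accepted as well.
function auditAmbientAuth(exchanges) {
  const findings = [];
  exchanges.forEach((ex, index) => {
    const auth = header(ex.requestHeaders, "authorization");
    const cookie = header(ex.requestHeaders, "cookie");
    const accepted = ex.status >= 200 && ex.status < 400;
    if (header(ex.responseHeaders, "set-cookie") !== undefined) {
      findings.push({ index, rule: "response-sets-cookie", url: ex.url });
    }
    if (!SAFE_METHODS.has(ex.method.toUpperCase()) && accepted &&
        cookie !== undefined && auth === undefined) {
      findings.push({ index, rule: "write-accepted-with-cookie-only", url: ex.url });
    }
  });
  return findings;
}

console.log(auditAmbientAuth(SAMPLE_EXCHANGES));
```

An empty result over a representative capture supports the "no cookies are used" premise; any finding means the CSRF decision should be revisited for that endpoint.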
