Task #95
Implement CSRF protection (closed)
Status: Rejected
Priority: Normal
Assignee: Radek Tomiška
Category: Authentication / Authorization
Target version:
Start date: 08/16/2016
Due date:
% Done: 100%
Estimated time: 2.00 h
Owner:
Description
CSRF protection is currently disabled. We need to implement a CSRF filter on the backend and ensure the appropriate headers / params are filled in on the frontend.
Updated by Radek Tomiška about 8 years ago
- Target version changed from Beryl to Citrine (7.3.0)
Updated by Radek Tomiška over 7 years ago
- Target version changed from Citrine (7.3.0) to Diamond (7.4.0)
Updated by Vít Švanda about 7 years ago
- Target version changed from Diamond (7.4.0) to Emerald (7.5.0)
Updated by Radek Tomiška about 7 years ago
- Target version deleted (Emerald (7.5.0))
Updated by Radek Tomiška over 3 years ago
- Assignee changed from Vít Švanda to Radek Tomiška
- Target version set to 11.2.0
- Estimated time set to 2.00 h
Updated by Radek Tomiška over 3 years ago
- Status changed from New to In Progress
Updated by Radek Tomiška over 3 years ago
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
We are using stateless REST => no cookies are used => CSRF protection is not required.
We are using browser localStorage to store frontend persistent settings, which can be vulnerable to XSS attacks => we are using escaping and DOMPurify (XSS sanitizer for HTML) for user inputs to prevent these types of attacks.
Updated by Radek Tomiška over 3 years ago
- Status changed from Resolved to Rejected
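The reasoning in the resolution note above (stateless REST, no cookies, so no CSRF filter), as an added example that is not part of the original ticket or the project's code: a server-side check that accepts the credential only from an explicitly set header, next to a cookie-fallback variant that would need CSRF protection. The token format, `SECRET`, the `Authorization: Bearer` header and the `token` cookie name are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: server-side signing key

// Issue a signed, self-contained token: "<user>.<hmac>" (hypothetical format).
function issueToken(user) {
  const mac = crypto.createHmac('sha256', SECRET).update(user).digest('hex');
  return `${user}.${mac}`;
}

// Verify the signature in constant time; return the user name or null.
function verifyToken(token) {
  const i = typeof token === 'string' ? token.lastIndexOf('.') : -1;
  if (i < 1) return null;
  const user = token.slice(0, i);
  const given = Buffer.from(token.slice(i + 1), 'hex');
  const expected = crypto.createHmac('sha256', SECRET).update(user).digest();
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? user : null;
}

// Stateless variant: the credential is accepted only from a header that
// page script must set explicitly. Cookies are never consulted.
function authenticateHeaderOnly(headers) {
  const m = /^Bearer (.+)$/.exec(headers.authorization || '');
  return m ? verifyToken(m[1]) : null;
}

// Contrast: the same API with a cookie fallback. A browser can attach cookies
// to a cross-site request without any script involvement, so this variant
// would need CSRF protection.
function authenticateWithCookieFallback(headers) {
  const fromHeader = authenticateHeaderOnly(headers);
  if (fromHeader) return fromHeader;
  const m = /(?:^|;\s*)token=([^;]+)/.exec(headers.cookie || '');
  return m ? verifyToken(m[1]) : null;
}

// Constructed requests (headers only).
const token = issueToken('alice');
// Sent by the application's own script, which reads the token from its storage.
const appRequest = { authorization: `Bearer ${token}` };
// Triggered from another origin: only ambient credentials (cookies) are attached.
const crossSiteRequest = { cookie: `token=${token}` };

console.log(authenticateHeaderOnly(appRequest));               // alice
console.log(authenticateHeaderOnly(crossSiteRequest));         // null
console.log(authenticateWithCookieFallback(crossSiteRequest)); // alice
```

The "no CSRF protection required" conclusion holds only while no endpoint accepts an ambient credential; the fallback function shows how a single cookie-reading code path reopens the issue.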