Task #95
closed
Implement CSRF protection
Added by Radek Tomiška over 8 years ago.
Updated over 3 years ago.
Category: Authentication / Authorization
Description
CSRF protection is currently disabled. We need to implement a CSRF filter on the backend and ensure the appropriate headers / params are filled on the frontend.
- Target version changed from Beryl to Citrine (7.3.0)
- Target version changed from Citrine (7.3.0) to Diamond (7.4.0)
- Target version changed from Diamond (7.4.0) to Emerald (7.5.0)
- Target version deleted (Emerald (7.5.0))
- Assignee changed from Vít Švanda to Radek Tomiška
- Target version set to 11.2.0
- Estimated time set to 2.00 h
- Status changed from New to In Progress
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
We are using stateless REST => no cookies are used => CSRF protection is not required.
We are using browser localStorage to store persistent frontend settings, which can be vulnerable to XSS attacks => we are using escaping and DOMPurify (XSS sanitizer for HTML) on user inputs to prevent these types of attacks.
- Status changed from Resolved to Rejected