tapestry-dev mailing list archives

From Christian Köberl (JIRA) <j...@apache.org>
Subject [jira] [Commented] (TAP5-1474) [GSoC] add out-of-the-box protection against cross-site request forgery (CSRF)
Date Mon, 22 Aug 2016 07:00:32 GMT

    [ https://issues.apache.org/jira/browse/TAP5-1474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15430207#comment-15430207 ]

Christian Köberl commented on TAP5-1474:

[~jkemnade] So you're still shipping Tapestry without CSRF protection? That means practically
every Tapestry application out there is vulnerable to [CSRF|https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)].
I think this should have been fixed years ago!! 

> [GSoC] add out-of-the-box protection against cross-site request forgery (CSRF)
> ------------------------------------------------------------------------------
>                 Key: TAP5-1474
>                 URL: https://issues.apache.org/jira/browse/TAP5-1474
>             Project: Tapestry 5
>          Issue Type: New Feature
>          Components: tapestry-core
>    Affects Versions: 5.2
>            Reporter: Ulrich Stärk
>            Assignee: Massimo Lusetti
>              Labels: bulk-close-candidate
> There are several approaches to protect against CSRF. A student working on this task
> will evaluate the possible solutions, discuss with the community which to implement and implement
> and test the chosen approach.

This message was sent by Atlassian JIRA
