The "TokenPerPage" approach is not applied to AJAX requests · Issue #2 · OWASP/www-project-csrfguard · GitHub

The "TokenPerPage" approach is not applied to AJAX requests #2

Closed
forgedhallpass opened this issue May 4, 2020 · 1 comment
Labels
bug Something isn't working

Comments

@forgedhallpass
Member

The current logic generates and returns new, unique tokens for every accessed URI lazily, but they are only injected into forms or src and href attributes by the injectTokens method. This way a large SPA application using exclusively XHR requests would only make use of one single (session) token.
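
The gap described above, shown as an added example that is not part of the original issue and is not CSRFGuard's own code: an XHR wrapper that looks up the per-page token for each request URI and only falls back to the session token when no page token exists. All names (`tokenForRequest`, `protectXhr`, the token values) are hypothetical, and it assumes the per-URI tokens are already available to the client as a path-keyed map.

```javascript
// Added illustration; every name here is hypothetical, not CSRFGuard's API.
// Constructed sample data: the session token and per-URI tokens.
const MASTER_TOKEN = "MASTER-0000";
const PAGE_TOKENS = {
  "/account/transfer": "PAGE-AAAA",
  "/account/profile": "PAGE-BBBB",
};

// Reduce a request URL to the path the token map is keyed on.
// Returns null for cross-origin URLs so tokens never leave the origin.
function normalizePath(url, origin) {
  const u = new URL(url, origin);
  if (u.origin !== origin) return null;
  let path = u.pathname;                       // query string and fragment dropped
  if (path.length > 1 && path.endsWith("/")) path = path.slice(0, -1);
  return path;
}

// Pick the token for an XHR: the page token when one exists for the path,
// otherwise the session token (the only one XHR gets in the reported behaviour).
function tokenForRequest(url, origin, pageTokens, masterToken) {
  const path = normalizePath(url, origin);
  if (path === null) return null;
  return Object.prototype.hasOwnProperty.call(pageTokens, path)
    ? pageTokens[path]
    : masterToken;
}

// Wrap an XHR-like object so each send() carries the token chosen at open().
function protectXhr(xhr, origin, pageTokens, masterToken, headerName) {
  const open = xhr.open.bind(xhr);
  const send = xhr.send.bind(xhr);
  let token = null;
  xhr.open = (method, url, ...rest) => {
    token = tokenForRequest(url, origin, pageTokens, masterToken);
    return open(method, url, ...rest);
  };
  xhr.send = (body) => {
    if (token !== null) xhr.setRequestHeader(headerName, token);
    return send(body);
  };
  return xhr;
}
```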

@aramrami aramrami closed this as completed May 4, 2020
@OWASP OWASP deleted a comment from aramrami Sep 15, 2021
@OWASP OWASP deleted a comment from aramrami Sep 15, 2021
@forgedhallpass forgedhallpass added the bug Something isn't working label Sep 15, 2021
@forgedhallpass
Member Author

Related ticket from the old repository: aramrami/OWASP-CSRFGuard#123
