[jira] [Resolved] (SLING-3469) Provide out of the box CSRF protection

Carsten Ziegeler (Jira) Sat, 06 May 2023 03:29:03 -0700


     [ 
https://issues.apache.org/jira/browse/SLING-3469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Carsten Ziegeler resolved SLING-3469.
-------------------------------------
    Resolution: Won't Fix

allowance of "app" for the referrer has been removed as SLING-10843

> Provide out of the box CSRF protection
> --------------------------------------
>
>                 Key: SLING-3469
>                 URL: https://issues.apache.org/jira/browse/SLING-3469
>             Project: Sling
>          Issue Type: Improvement
>            Reporter: Raviteja Lokineni
>            Priority: Critical
>
> One such vulnerability can found on the default login form for 
> FormBasedAuthenticationHandler.
> Grails framework has implemented this protection using custom tag library and 
> filters. Ref: http://grails.org/doc/2.2.1/ref/Tags/form.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (SLING-3469) Provide out of the box CSRF protection

Reply via email to