Hi devs,
I've been working on a CSRF protection mechanism for quite some time. It is based on so-called secret tokens (also called nonces) that are included in forms and links and checked on the server side. The implementation allows resubmitting a failed request (e.g. in case the user was logged out in the meantime), so that the data is not lost in case of bugs.

JIRA issue: http://jira.xwiki.org/jira/browse/XWIKI-4873
Component implementation: http://svn.xwiki.org/svnroot/xwiki/contrib/sandbox/xwiki-csrftoken/
Old proposal: http://lists.xwiki.org/pipermail/devs/2010-March/017727.html

I think it is time to move the CSRF component to the main repository and start using it everywhere. The protection will be disabled by default until all bugs are fixed.

The steps would be:

1. Move the CSRF token component to platform
2. Fix all templates to use CSRF tokens
3. Fix all applications to use CSRF tokens
4. Fix all actions to check CSRF tokens
5. Fix all integration tests to work with enabled CSRF protection

I have patches for steps 2-4, but NOT for 5. Many (about 30-40 last time I counted) integration tests still fail with enabled CSRF protection, because they (mis)use CSRF to set up tests (edit/create pages).

Here is my +1

WDYT?

Thanks,
Alex

_______________________________________________
devs mailing list
http://lists.xwiki.org/mailman/listinfo/devs
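To make the mechanism described in the mail concrete, here is an added example of the token scheme it outlines: a per-session secret token embedded in forms and action links, checked server-side, with a failed check answered by a "resubmit" page that carries the submitted data plus a fresh token rather than discarding the request. This is illustrative code written for this page, not the xwiki-csrftoken component or any XWiki API; the names `CsrfTokens`, `handle_save`, the `form_token` parameter and the in-memory session dict are all assumptions, and the sample form data is constructed.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Assumption: a dict keyed by session id stands in for server-side session storage.
FIELD = "form_token"  # assumed name of the hidden form field / link parameter


class CsrfTokens:
    """Per-session secret tokens. A token is only ever known to the server and
    to pages the server rendered for that session, so a cross-site form post
    (which the attacker's page builds blindly) cannot contain a valid one."""

    def __init__(self):
        self._by_session = {}

    def get_token(self, session_id):
        """Return the session's token, minting one on first use."""
        token = self._by_session.get(session_id)
        if token is None:
            token = secrets.token_urlsafe(32)  # CSPRNG, unguessable
            self._by_session[session_id] = token
        return token

    def clear(self, session_id):
        """Drop the token, e.g. when the user logs out; the old token becomes stale."""
        self._by_session.pop(session_id, None)

    def is_valid(self, session_id, presented):
        expected = self._by_session.get(session_id)
        if expected is None or not isinstance(presented, str):
            return False
        # Constant-time comparison so the check does not leak the token byte by byte.
        return hmac.compare_digest(expected.encode(), presented.encode())


def hidden_field(tokens, session_id):
    """Hidden input to embed in every state-changing HTML form."""
    return '<input type="hidden" name="%s" value="%s">' % (FIELD, tokens.get_token(session_id))


def protected_link(tokens, session_id, base_url, params):
    """Append the token to a link that performs an action (e.g. a delete link)."""
    query = dict(params)
    query[FIELD] = tokens.get_token(session_id)
    return base_url + "?" + urlencode(query)


def handle_save(tokens, session_id, form):
    """Server-side action handler. Returns ('saved', data) when the token checks out.
    On failure nothing is saved; instead ('resubmit', form_with_fresh_token) is returned,
    to be rendered as a page the user must explicitly confirm (a real click), so the
    submitted data survives a stale token without the check being bypassable."""
    data = {k: v for k, v in form.items() if k != FIELD}
    if tokens.is_valid(session_id, form.get(FIELD)):
        return ("saved", data)
    resubmit = dict(data)
    resubmit[FIELD] = tokens.get_token(session_id)
    return ("resubmit", resubmit)


def demo():
    """Walk through the normal, stale-token, forged and resubmitted cases (constructed)."""
    tokens = CsrfTokens()
    sid = "session-A"
    form = {"content": "hello", FIELD: tokens.get_token(sid)}
    first = handle_save(tokens, sid, form)            # accepted
    tokens.clear(sid)                                 # user logged out and back in
    stale = handle_save(tokens, sid, form)            # old token: resubmit page, data kept
    forged = handle_save(tokens, sid, {"content": "evil"})  # cross-site post: nothing saved
    second = handle_save(tokens, sid, stale[1])       # user confirms the resubmit page
    return first, stale, forged, second
```

Two practitioner caveats that the mail's design depends on: the resubmit page must require an explicit user action (an auto-submitting confirmation page would turn the protection into a no-op), and tokens carried in link URLs can leak through Referer headers and logs, so prefer POST forms for anything destructive.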

