[
https://issues.apache.org/jira/browse/OFBIZ-11609?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux updated OFBIZ-11609:
------------------------------------
Description:
After the VM demos crash yesterday, I had a look at the log of trunk demo and
found a lot of recurring errors block due to CsrfUtil::generateTokenForNonAjax.
It's not a big deal but it's annoying to have such useless errors cluttering
the log:
{noformat}
2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 06:58:41,804 |27.0.0.1-8009-exec-2 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 06:58:41,804 |27.0.0.1-8009-exec-2 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:04:32,310 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path:
/partymgr/control/viewprofile?partyId=admin&externalLoginKey=EL29aae5fb-64de-444e-860f-072ef093e1aa
2020-04-26 07:04:41,957 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:04:41,957 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:04:41,958 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:04:41,958 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:04:41,959 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:14:42,668 |27.0.0.1-8009-exec-7 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:14:42,668 |27.0.0.1-8009-exec-7 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:14:42,668 |27.0.0.1-8009-exec-7 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:14:42,669 |27.0.0.1-8009-exec-7 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:14:42,670 |27.0.0.1-8009-exec-7 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:19:48,079 |27.0.0.1-8009-exec-5 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:19:48,079 |27.0.0.1-8009-exec-5 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:19:48,080 |27.0.0.1-8009-exec-5 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:19:48,080 |27.0.0.1-8009-exec-5 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:19:48,081 |27.0.0.1-8009-exec-5 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:23:55,085 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:23:55,086 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:23:55,086 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:23:55,086 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:23:55,087 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:24:30,958 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path:
/partymgr/control/viewprofile?partyId=admin&externalLoginKey=EL8b90e8cb-cf5d-4759-94d6-088c500e91fc
2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:24:41,371 |7.0.0.1-8009-exec-10 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:24:55,451 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:24:55,451 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:24:55,452 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:24:55,452 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:24:55,453 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:24:55,768 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /AdminSearch
2020-04-26 07:24:55,770 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /AdminSearch
2020-04-26 07:26:31,353 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:26:31,353 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:26:31,354 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:26:31,354 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:26:31,355 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
{noformat}
This is moreover maybe only useful if the token CSRF defense is used, and it's
easy to bypass
was:
After the VM demos crash yesterday, I had a look at the log of trunk demo and
found a lot of recurring errors block due to CsrfUtil::generateTokenForNonAjax.
It's not a big deal but it's annoying to have such useless errors cluterring
the log:
{noformat}
2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 06:58:41,804 |27.0.0.1-8009-exec-2 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 06:58:41,804 |27.0.0.1-8009-exec-2 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:04:32,310 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path:
/partymgr/control/viewprofile?partyId=admin&externalLoginKey=EL29aae5fb-64de-444e-860f-072ef093e1aa
2020-04-26 07:04:41,957 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:04:41,957 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:04:41,958 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:04:41,958 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:04:41,959 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:14:42,668 |27.0.0.1-8009-exec-7 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:14:42,668 |27.0.0.1-8009-exec-7 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:14:42,668 |27.0.0.1-8009-exec-7 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:14:42,669 |27.0.0.1-8009-exec-7 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:14:42,670 |27.0.0.1-8009-exec-7 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:19:48,079 |27.0.0.1-8009-exec-5 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:19:48,079 |27.0.0.1-8009-exec-5 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:19:48,080 |27.0.0.1-8009-exec-5 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:19:48,080 |27.0.0.1-8009-exec-5 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:19:48,081 |27.0.0.1-8009-exec-5 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:23:55,085 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:23:55,086 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:23:55,086 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:23:55,086 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:23:55,087 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:24:30,958 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path:
/partymgr/control/viewprofile?partyId=admin&externalLoginKey=EL8b90e8cb-cf5d-4759-94d6-088c500e91fc
2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:24:41,371 |7.0.0.1-8009-exec-10 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:24:55,451 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:24:55,451 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:24:55,452 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:24:55,452 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:24:55,453 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:24:55,768 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /AdminSearch
2020-04-26 07:24:55,770 |27.0.0.1-8009-exec-3 |CsrfUtil
|E| Cannot find the corresponding request map for path: /AdminSearch
2020-04-26 07:26:31,353 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:26:31,353 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:26:31,354 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:26:31,354 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:26:31,355 |27.0.0.1-8009-exec-9 |CsrfUtil
|E| Cannot find the corresponding request map for path: /'+ url+'
{noformat}
This is moreover maybe only useful if the token CSRF defense is used, and it's
easy to bypass
> Prevent recurring errors block due to generateTokenForNonAjax
> -------------------------------------------------------------
>
> Key: OFBIZ-11609
> URL: https://issues.apache.org/jira/browse/OFBIZ-11609
> Project: OFBiz
> Issue Type: Improvement
> Components: framework/security
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Trivial
> Fix For: Upcoming Branch
>
>
> After the VM demos crash yesterday, I had a look at the log of trunk demo and
> found a lot of recurring errors block due to
> CsrfUtil::generateTokenForNonAjax.
> It's not a big deal but it's annoying to have such useless errors cluttering
> the log:
> {noformat}
> 2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /views/EditDocumentTree
> 2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/ListDocument
> 2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/EditDocument
> 2020-04-26 06:58:41,804 |27.0.0.1-8009-exec-2 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /removeDocumentFromTree
> 2020-04-26 06:58:41,804 |27.0.0.1-8009-exec-2 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /'+ url+'
> 2020-04-26 07:04:32,310 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /partymgr/control/viewprofile?partyId=admin&externalLoginKey=EL29aae5fb-64de-444e-860f-072ef093e1aa
> 2020-04-26 07:04:41,957 |27.0.0.1-8009-exec-9 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /views/EditDocumentTree
> 2020-04-26 07:04:41,957 |27.0.0.1-8009-exec-9 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/ListDocument
> 2020-04-26 07:04:41,958 |27.0.0.1-8009-exec-9 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/EditDocument
> 2020-04-26 07:04:41,958 |27.0.0.1-8009-exec-9 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /removeDocumentFromTree
> 2020-04-26 07:04:41,959 |27.0.0.1-8009-exec-9 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /'+ url+'
> 2020-04-26 07:14:42,668 |27.0.0.1-8009-exec-7 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /views/EditDocumentTree
> 2020-04-26 07:14:42,668 |27.0.0.1-8009-exec-7 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/ListDocument
> 2020-04-26 07:14:42,668 |27.0.0.1-8009-exec-7 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/EditDocument
> 2020-04-26 07:14:42,669 |27.0.0.1-8009-exec-7 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /removeDocumentFromTree
> 2020-04-26 07:14:42,670 |27.0.0.1-8009-exec-7 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /'+ url+'
> 2020-04-26 07:19:48,079 |27.0.0.1-8009-exec-5 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /views/EditDocumentTree
> 2020-04-26 07:19:48,079 |27.0.0.1-8009-exec-5 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/ListDocument
> 2020-04-26 07:19:48,080 |27.0.0.1-8009-exec-5 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/EditDocument
> 2020-04-26 07:19:48,080 |27.0.0.1-8009-exec-5 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /removeDocumentFromTree
> 2020-04-26 07:19:48,081 |27.0.0.1-8009-exec-5 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /'+ url+'
> 2020-04-26 07:23:55,085 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /views/EditDocumentTree
> 2020-04-26 07:23:55,086 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/ListDocument
> 2020-04-26 07:23:55,086 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/EditDocument
> 2020-04-26 07:23:55,086 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /removeDocumentFromTree
> 2020-04-26 07:23:55,087 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /'+ url+'
> 2020-04-26 07:24:30,958 |27.0.0.1-8009-exec-9 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /partymgr/control/viewprofile?partyId=admin&externalLoginKey=EL8b90e8cb-cf5d-4759-94d6-088c500e91fc
> 2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /views/EditDocumentTree
> 2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/ListDocument
> 2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/EditDocument
> 2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /removeDocumentFromTree
> 2020-04-26 07:24:41,371 |7.0.0.1-8009-exec-10 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /'+ url+'
> 2020-04-26 07:24:55,451 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /views/EditDocumentTree
> 2020-04-26 07:24:55,451 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/ListDocument
> 2020-04-26 07:24:55,452 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/EditDocument
> 2020-04-26 07:24:55,452 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /removeDocumentFromTree
> 2020-04-26 07:24:55,453 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /'+ url+'
> 2020-04-26 07:24:55,768 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /AdminSearch
> 2020-04-26 07:24:55,770 |27.0.0.1-8009-exec-3 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /AdminSearch
> 2020-04-26 07:26:31,353 |27.0.0.1-8009-exec-9 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /views/EditDocumentTree
> 2020-04-26 07:26:31,353 |27.0.0.1-8009-exec-9 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/ListDocument
> 2020-04-26 07:26:31,354 |27.0.0.1-8009-exec-9 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /views/EditDocument
> 2020-04-26 07:26:31,354 |27.0.0.1-8009-exec-9 |CsrfUtil
> |E| Cannot find the corresponding request map for path:
> /removeDocumentFromTree
> 2020-04-26 07:26:31,355 |27.0.0.1-8009-exec-9 |CsrfUtil
> |E| Cannot find the corresponding request map for path: /'+ url+'
> {noformat}
> This is moreover maybe only useful if the token CSRF defense is used, and
> it's easy to bypass
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
