Hello Leo,

I guess you can check the OpenCA::AC module and disable the check for the xsrf token there. That should do the trick.

I am not convinced it is a good idea, though. If you have other security mechanisms in place... then it might be ok... if not, then your PKI could be subject to the attack... if the OpenCA pages are accessible via the <iframe> element... that means I can request them directly if I know the URL... and that exposes you to all of the problems...

In future versions we could actually think about a configuration option that allows for the xsrf to be disabled... but another protection should be in place...

Later,
Max

On 11/13/2009 11:48 AM, Leo Catalinas wrote:
Hello,

We use OpenCA 0.9.x in a couple of university projects and we are very pleased with it, having issued nearly 700 certificates for students and professors for e-learning in the last three years.

We integrate many screens and forms (like the request form) in a public web page (our PKI portal) made with Joomla and its "wrapper" option (which allows embedding an external page within the page body using the HTML "<iframe>" element).

Now, we have tried the 1.0.2 version and we have seen that the "wrapper" option doesn't work because of the new OpenCA XSRF protection. We need the "wrapper" option to integrate OpenCA forms with Joomla, but we tried to disable the XSRF protection and we didn't find how to do it.

How to disable XSRF, or how to make it work without disabling it? Any suggestion, please?

Thank you very much.

Regards,
Leo Catalinas
_______________________________________________ OpenCA-Devel mailing list OpenCA-Devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-devel