Well perhaps OT and not StackOverflow is right. Worth sharing with the 
person at OT who gave you that feedback :-)

The guidelines for CSRF protection are from OWASP, perhaps this offers 
insight into the setting you want.
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Checking_The_Referer_Header
https://www.owasp.org/index.php/.Net_CSRF_Guard

On Tuesday, February 25, 2014 10:29:57 AM UTC-5, Pierre Kruppik wrote:
>
> This is one of the proposed solutions from OpenText (
> https://groups.google.com/forum/#!topic/reddot-cms-users/rDJFB_z8DbM) Are 
> you saying OpenText is lying? :P
>
> I would do anything in SmartEdit. I will open a URL via the user-defined 
> job to execute a plugin periodically. I think the only solution is to 
> exclude the destination URL from referrer check in the main.config.
>
> On Tuesday, February 25, 2014 15:02:18 UTC+1, Tim D wrote:
>>
>> No it won't work:
>> http://stackoverflow.com/questions/7922518/set-referer-header-in-asp-net 
>>
>> You want the host? How about setting a cookie with JavaScript in your 
>> pages in SmartEdit and read that instead of referer?
>>
>> On Monday, February 24, 2014 6:15:45 AM UTC-5, Pierre Kruppik wrote:
>>>
>>> Hi!
>>>
>>> Since security-related changes (CSRF) it is not possible to execute a 
>>> plugin using a user-defined job (call url). I just added the referer to the 
>>> header of my plugin, but it doesn't work.
>>>
>>> <%
>>> Response.AddHeader "Referer","http://myhost/cms/";
>>> %>
>>>
>>> Are there any restrictions in the IIS?
>>>
>>>
>>> Regards,
>>> Pierre
>>>
>>>
>>>

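Added example (not part of the original thread and not OpenText's code): a small Python model of the kind of Referer check the OWASP cheat sheet describes. It shows why a header set on the plugin's response cannot satisfy the check, and what excluding a URL from the check does. The plugin path, the exemption set and the function name are hypothetical; the real main.config syntax is not shown in the thread.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "myhost"                   # host from the thread's example URL
EXEMPT_PATHS = {"/cms/plugins/job.asp"}   # hypothetical plugin path (assumption)


def referer_check(path, request_headers, exempt_paths=frozenset()):
    """Decide whether one incoming request passes the Referer check.

    Only *request* headers are inspected. Anything the plugin later adds
    with Response.AddHeader travels in the response, after this decision
    has been made, so it cannot influence the outcome.
    """
    if path in exempt_paths:
        # An exempt path gets no CSRF protection from this check at all.
        return True, "exempt path"
    referer = request_headers.get("Referer")
    if not referer:
        return False, "no Referer in request"
    host = urlsplit(referer).hostname
    if host != TRUSTED_HOST:
        return False, "foreign Referer host"
    return True, "same-host Referer"


def demo():
    # Constructed sample requests, not captured traffic.
    samples = [
        ("browser in SmartEdit", "/cms/page.asp", {"Referer": "http://myhost/cms/"}),
        ("call-URL job", "/cms/plugins/job.asp", {}),
        ("other site", "/cms/page.asp", {"Referer": "http://other.example/"}),
    ]
    results = []
    for name, path, headers in samples:
        strict = referer_check(path, headers)
        relaxed = referer_check(path, headers, EXEMPT_PATHS)
        results.append((name, strict, relaxed))
    return results


if __name__ == "__main__":
    for name, strict, relaxed in demo():
        print(f"{name:22} strict={strict} with_exemption={relaxed}")
```

The job's request is rejected only because it carries no Referer; with the path exempted it passes, and so would any other request to that path, which is why an exempted URL needs some other access control.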