Re: CSRF Tokens

Please check this chapter: https://ci.apache.org/projects/wicket/guide/8.x/single.html#_csrf_protection :)) On Sat, Feb 10, 2018 at 3:27 AM, Entropy wrote: > One of our apps just underwent a security scan, and they complained about > Cross-Site Request Forgery (CSRF)

CSRF Tokens

One of our apps just underwent a security scan, and they complained about Cross-Site Request Forgery (CSRF) vulnerability. Yet, i went to google and found this: https://issues.apache.org/jira/browse/WICKET-1782 Which seems to say that CSRF was fixed in 1.4 of Wicket. We're mostly on 1.6. Is