Please check this chapter:
https://ci.apache.org/projects/wicket/guide/8.x/single.html#_csrf_protection
:))
On Sat, Feb 10, 2018 at 3:27 AM, Entropy wrote:
> One of our apps just underwent a security scan, and they complained about
> Cross-Site Request Forgery (CSRF)
One of our apps just underwent a security scan, and they complained about
Cross-Site Request Forgery (CSRF) vulnerability. Yet, i went to google and
found this:
https://issues.apache.org/jira/browse/WICKET-1782
Which seems to say that CSRF was fixed in 1.4 of Wicket. We're mostly on
1.6. Is