Please check this chapter: https://ci.apache.org/projects/wicket/guide/8.x/single.html#_csrf_protection :))

On Sat, Feb 10, 2018 at 3:27 AM, Entropy <blmulholl...@gmail.com> wrote:

> One of our apps just underwent a security scan, and they complained about
> Cross-Site Request Forgery (CSRF) vulnerability. Yet, I went to Google and
> found this:
>
> https://issues.apache.org/jira/browse/WICKET-1782
>
> Which seems to say that CSRF was fixed in 1.4 of Wicket. We're mostly on
> 1.6. Is there something we have to do to "turn on" Wicket's CSRF token?

--
WBR
Maxim aka solomax