Gautam

Since version 6.0.0 a set of interceptors have been defined to support
CSRF, please read the following links

https://struts.apache.org/security/#resource-isolation-using-fetch-metadata
https://struts.apache.org/security/#cross-origin-isolation-with-coop-and-coep


Regards
Lukasz

czw., 13 lip 2023 o 15:11 GAUTAM PRASAD <gautam.pras...@navy.gov.in>
napisał(a):

> Hi,
>
> After scanning through OWASP - ZAP tool my application shows following
> medium level risk.
>
> Absence of Anti-CSRF Token
>
> for above ...I tried to implement token interceptor but I am not able to
> mitigate the risk and it still reflects on scanning.
>
> Kindly suggest.
>
>
> --
> Regards
> Gautam
>
> <https://amritmahotsav.nic.in/> <https://www.g20.org/>
>
>

Reply via email to