Gautam

Since version 6.0.0, a set of interceptors has been defined to support CSRF; please read the following links:

https://struts.apache.org/security/#resource-isolation-using-fetch-metadata
https://struts.apache.org/security/#cross-origin-isolation-with-coop-and-coep

Regards
Lukasz

Thu, 13 Jul 2023 at 15:11 GAUTAM PRASAD <gautam.pras...@navy.gov.in> wrote:

> Hi,
>
> After scanning with the OWASP ZAP tool, my application shows the following
> medium-level risk.
>
> Absence of Anti-CSRF Token
>
> For the above ... I tried to implement the token interceptor, but I am not able to
> mitigate the risk and it still reflects on scanning.
>
> Kindly suggest.
>
> --
> Regards
> Gautam
>
> <https://amritmahotsav.nic.in/> <https://www.g20.org/>