Hi, 
I work on a web application that is vulnerable to CSRF (Cross Site Request 
Forgery) attacks. Tomcat 7 has a CSRF prevention filter. I went through the 
description to configure this filter. 
This filter expects that we call HttpServletResponse#encodeRedirectURL(String) 
or HttpServletResponse#encodeURL(String). 
I see that in my application we don't use the above mentioned methods. Can you 
please let me know whether there is any other way of using this filter without 
making calls to encodeURL() or encodeRedirectURL()? 

To be precise, I am looking for a way to incorporate the CSRF filter in an already 
existing application that doesn't use 
HttpServletResponse#encodeRedirectURL(String) or 
HttpServletResponse#encodeURL(String). 

Any help in this regard is appreciated. 

Thanks, 
Vijay
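
The dependency described in the message above, as an added example that is not part of the original post and is not Tomcat's source code: a simplified plain-Java model of a nonce-per-session filter, showing why a link that never passes through encodeURL() is rejected. The class name, method names and sample URLs are assumptions made for illustration; the parameter name is the one Tomcat's CsrfPreventionFilter uses.

```java
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;

// Simplified model of a nonce-per-session CSRF filter; NOT Tomcat's implementation.
public class CsrfNonceModel {
    // Request parameter name used by Tomcat's CsrfPreventionFilter.
    static final String PARAM = "org.apache.catalina.filters.CSRF_NONCE";
    // Stands in for the nonce cache the filter keeps in the HTTP session.
    private final Set<String> sessionNonces = new HashSet<>();
    private final SecureRandom random = new SecureRandom();

    // Models the wrapped response's encodeURL()/encodeRedirectURL(): append a nonce.
    // (Tomcat issues one nonce per request; this model issues one per call for brevity.)
    String encodeURL(String url) {
        byte[] raw = new byte[16];
        random.nextBytes(raw);
        StringBuilder nonce = new StringBuilder();
        for (byte b : raw) nonce.append(String.format("%02X", b));
        sessionNonces.add(nonce.toString());
        int hash = url.indexOf('#');               // keep any #fragment at the end
        String path = hash < 0 ? url : url.substring(0, hash);
        String anchor = hash < 0 ? "" : url.substring(hash);
        return path + (path.contains("?") ? "&" : "?") + PARAM + "=" + nonce + anchor;
    }

    // Models the filter's check on the next request: 403 unless a known nonce is present.
    int check(String requestUrl, boolean isEntryPoint) {
        if (isEntryPoint) return 200;              // configured entry points skip the check
        int i = requestUrl.indexOf(PARAM + "=");
        if (i < 0) return 403;                     // link was never passed through encodeURL()
        String rest = requestUrl.substring(i + PARAM.length() + 1);
        String nonce = rest.split("[&#]", 2)[0];
        return sessionNonces.contains(nonce) ? 200 : 403;
    }

    public static void main(String[] args) {
        CsrfNonceModel session = new CsrfNonceModel();
        String hardCoded = "/account/delete?id=7";      // constructed sample: link written straight into a page
        String encoded = session.encodeURL(hardCoded);  // the same link passed through encodeURL()
        String forged = hardCoded + "&" + PARAM + "=0000"; // constructed sample: nonce the session never issued
        System.out.println(hardCoded + " -> " + session.check(hardCoded, false));
        System.out.println(encoded + " -> " + session.check(encoded, false));
        System.out.println(forged + " -> " + session.check(forged, false));
        System.out.println("/index.jsp -> " + session.check("/index.jsp", true));
    }
}
```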