One of our apps just underwent a security scan, and they complained about Cross-Site Request Forgery (CSRF) vulnerability. Yet, i went to google and found this:
https://issues.apache.org/jira/browse/WICKET-1782 Which seems to say that CSRF was fixed in 1.4 of Wicket. We're mostly on 1.6. Is there something we have to do to "turn on" Wicket's CSRF token? -- Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org