Please check this chapter:
https://ci.apache.org/projects/wicket/guide/8.x/single.html#_csrf_protection
:))

On Sat, Feb 10, 2018 at 3:27 AM, Entropy <blmulholl...@gmail.com> wrote:

> One of our apps just underwent a security scan, and they complained about
> Cross-Site Request Forgery (CSRF) vulnerability.  Yet, i went to google and
> found this:
>
> https://issues.apache.org/jira/browse/WICKET-1782
>
> Which seems to say that CSRF was fixed in 1.4 of Wicket.  We're mostly on
> 1.6.  Is there something we have to do to "turn on" Wicket's CSRF token?
>
> --
> Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-
> f1842947.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>


-- 
WBR
Maxim aka solomax

Reply via email to