Hello,

Our Wicket web application went through an app scan.  We understand most 
problems that came back from the report and have solutions, but one that's 
troubling us is:

I've omitted our URLs, but essentially it seems they were able to manipulate 
the hostname to a different URL.

Unfortunately we weren't given much context aside from this report.

We assume that there are three avenues for us to resolve this:

  1.  Wicket configuration
  2.  Server configuration
  3.  Non-issue (if this problem is addressed with the framework itself and we 
don't need to worry about it)

We did come across this filter that might be a solution:

getRequestCycleListeners().add(new CsrfPreventionRequestCycleListener().addAcceptedOrigin("[domain]"));

Would adding this to our application resolve the above problem?

If there's any information you could provide as to how we can address it, we 
would greatly appreciate it.

Thank you,


Jonathan Babie

Java Applications Developer

Work: (838) 910-4274

Personal: (518) 331-8758
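For readers following this thread, here is an added example (editor's code, not from the message above or from the Wicket project) of how the listener named in the question is wired into a Wicket 7/8 WebApplication's init(), with its actions set explicitly; MyApplication, HomePage and "https://www.example.com" are placeholders for the real class, home page and domain.

```java
// Added example (not from the original message): configuring
// CsrfPreventionRequestCycleListener in a Wicket 7/8 application.
// MyApplication, HomePage and "https://www.example.com" are placeholders.
import org.apache.wicket.Page;
import org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener;
import org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener.CsrfAction;
import org.apache.wicket.protocol.http.WebApplication;

public class MyApplication extends WebApplication {

    @Override
    public Class<? extends Page> getHomePage() {
        return HomePage.class; // placeholder page class
    }

    @Override
    protected void init() {
        super.init();

        CsrfPreventionRequestCycleListener csrf = new CsrfPreventionRequestCycleListener();

        // The listener compares the Origin header (Referer as a fallback) of
        // listener requests such as form posts and Ajax calls with the host of
        // the request itself. Any other origin that should be trusted has to
        // be listed explicitly.
        csrf.addAcceptedOrigin("https://www.example.com");

        // Requests from an origin that is neither the request's own host nor
        // in the accepted list: ABORT (the default) stops the request with the
        // configured status code; SUPPRESS would drop only the listener call.
        csrf.setConflictingOriginAction(CsrfAction.ABORT);
        csrf.setErrorCode(400);
        csrf.setErrorMessage("Origin does not match this application");

        // Requests that carry neither Origin nor Referer are allowed by
        // default; ABORT is the stricter choice.
        csrf.setNoOriginAction(CsrfAction.ABORT);

        getRequestCycleListeners().add(csrf);
    }
}
```

The listener judges cross-origin listener requests by their Origin/Referer headers; a scan finding about the hostname the application uses in its own URLs is answered separately by how the server or container resolves the Host header.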

