-
Improvement
-
Resolution: Obsolete
-
Neutral
-
None
-
6.2.11
The CSRF cookie is basically used for protecting posting forms. REST requests are already bypassed. We could generate the cookie only for text/html and avoid creating it for all other types of resources.
Some discussion around a possible implementation (not so trivial at a first glance) https://git.magnolia-cms.com/projects/MODULES/repos/imaging/pull-requests/38/overview?commentId=83266
- is related to
-
MAGNOLIA-8142 Non ASCII characters in URIs interfere with CsrfTokenSecurityFilter
- Closed
-
MAGNOLIA-8209 CSRF Header sent with all responses
- Closed
-
MAGNOLIA-8162 Image URI with spaces cause CsrfTokenSecurityFilter#generateCookie to fail
- Closed
-
MGNLIMG-231 Bypass CsrfTokenSecurityFilter for imaging URIs
- Closed
- relates to
-
MAGNOLIA-8209 CSRF Header sent with all responses
- Closed
- mentioned in
-
Page Loading...