  1. Magnolia
  2. MAGNOLIA-8150

CsrfTokenSecurityFilter could create cookie only for text/html requests


Details

    • Improvement
    • Resolution: Obsolete
    • Neutral
    • None
    • 6.2.11
    • core

    Description

      The CSRF cookie is basically used for protecting posting forms. REST requests are already bypassed. We could generate the cookie only for text/html and avoid creating it for all other types of resources.

      Some discussion around a possible implementation (not so trivial at first glance): https://git.magnolia-cms.com/projects/MODULES/repos/imaging/pull-requests/38/overview?commentId=83266


              People

                Unassigned Unassigned
                fgrilli Federico Grilli