Loading...

XML

Word

Printable

Type: Improvement
Resolution: Obsolete
Priority: Neutral
Fix Version/s: None
Affects Version/s: 6.2.11
Component/s: core
Labels:
- artt
- csrf

Template:
Acceptance criteria:

Empty

show more show less
Task DoD:

show more show less

The CSRF cookie is basically used for protecting posting forms. REST requests are already bypassed. We could generate the cookie only for text/html and avoid creating it for all other types of resources.

Some discussion around a possible implementation (not so trivial at a first glance) https://git.magnolia-cms.com/projects/MODULES/repos/imaging/pull-requests/38/overview?commentId=83266

Acceptance criteria

is related to

MAGNOLIA-8142 Non ASCII characters in URIs interfere with CsrfTokenSecurityFilter

Closed

MAGNOLIA-8209 CSRF Header sent with all responses

Closed

MAGNOLIA-8162 Image URI with spaces cause CsrfTokenSecurityFilter#generateCookie to fail

Closed

MGNLIMG-231 Bypass CsrfTokenSecurityFilter for imaging URIs

Closed

relates to

MAGNOLIA-8209 CSRF Header sent with all responses

Closed

mentioned in: Page Loading...

(1 mentioned in)

Assignee:: Unassigned

Reporter:: Federico Grilli

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 10/Aug/21 5:44 PM

Updated:: 01/Nov/21 3:38 PM

Resolved:: 01/Nov/21 3:38 PM

Date of First Response:: 01/Nov/21 3:38 PM

Task DoD

Details

Description

Checklists

Attachments

Issue Links

Activity

People

Dates

Checklists