Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-8209

CSRF Header sent with all responses

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 6.2.13
    • 6.2.12
    • core

    Description

      As described in SUPPORT-13766 (quoted below).

      After reviewing the CSRF concept in Magnolia, we concluded couple solutions:

      In this ticket:

      • First, reduce the amount of cookies generated for every requests. Tentatively recycle the cookie name (sub-domain only), and update its value?
      • Generate cookies for applicable content types only. See MAGNOLIA-8150.

      In another ticket (just FYI here):

      • Reconsider applying the token generation to everything, unless the Form loginHandler's allowedMethods includes GET (disabled by default since MAGNOLIA-8115).
      • Split implementation of synchronizer-pattern vs. double-submit cookie pattern into two CSRF filters, with their own bypasses.

      Initial bug report

      Steps to reproduce

      1. using csrf
      2. updating from Magnolia 6.1.7 to Magnolia 6.2.11 

      .. Logs, screenshots, gifs...

      Expected results

      • as in Magnolia 6.1. 
      • csrf headers should be sent in responses only when necessary (or is it necessary?) 

      Actual results

      • csrf header was sent in all responses
      • this increases header count above the limit
      • due to this http2 does not work
      • example: header count = 127
      Host: [stest.ruv.de|http://stest.ruv.de/]
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
Cookies:
AMWEBJCT!/wsj_mag!/!SID: A8DB42C8F0D448B3A6226AE85D7F550A
"_ga": "GA1.2.842915859.1632993820",
"_gat_UA-89839765-12": "1",
"_gcl_au": "1.1.447609460.1632993818",
"_gid": "GA1.2.907003410.1632993820",

"AMWEBJCT!/wsj_mag!/!SID": "A8DB42C8F0D448B3A6226AE85D7F550A",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-highlight-teaser-l/882x588/dam/jcr:5bdb0d85-485b-4d78-8ce6-1692d3053a38/b_pferde_opk_1064x588.jpg!csrf": "avPXhyA8g1peq48vH9zP-Iibpu8",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-image-basic-image-m/357x179/dam/jcr:648a7372-9ebd-4dbe-ba02-0cab3c2cf864/zahprobleme-pferd-tierarzt.jpg!csrf": "0vUGg4rwei54UzFuFswsVSwubc0",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-image-basic-image-m/357x179/dam/jcr:6f81f627-2194-42c9-a22e-81bb63de1725/umzugskartons-wohnung-junges-paar.jpg!csrf": "MToaSiciXVJmXVOxkNiXzY7q1AY",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-image-basic-image-m/357x179/dam/jcr:9f5bf0d2-529b-4a0d-923b-660ad6f46fdc/iStock-522453722.jpg!csrf": "I43ZYyvSnsvZfARjWY5A5x9gULU",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-service-teaser-l/734x405/dam/jcr:5eee0fff-223d-4b32-bf69-4ac7170bb301/Service_Teaser_734x405_meien_rv.jpg!csrf": "6r2m-a5guK5grQCD1vnBd7vifEk",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-service-teaser-l/734x405/dam/jcr:61f1201e-9643-4cc2-a0ed-6c08da5ae894/Service_Teaser_734x405_videoberatung.jpg!csrf": "fYYQ2hu-gT19G-VsBvKMEh2Gw-4",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-service-teaser-l/734x405/dam/jcr:d5738e1a-add5-4bef-80c3-bd08a134d0e6/Service_Teaser_734x405_corona.jpg!csrf": "qxeu56IcprbTHrqPRsP2pUvdsCM",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-service-teaser-l/734x405/dam/jcr:e8e43e17-f7ce-4866-8c45-d4648d89dcf1/Service_Teaser_734x405_autonotruf.jpg!csrf": "DQ5fwbl07mnMrExnQE0ZLJavOlM",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-service-teaser-l/734x405/dam/jcr:ec99aad0-80a5-48dc-8822-bda15464595e/Service_Teaser_734x405_kontakt.jpg!csrf": "z236Yo5PopprRELAnBMZpswhA6E",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-service-teaser-thumbnail-m/74x74/dam/jcr:5eee0fff-223d-4b32-bf69-4ac7170bb301/Service_Teaser_734x405_meien_rv.jpg!csrf": "aJiArxoJC6Hlt4-EffrdMfKPr9c",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-service-teaser-thumbnail-m/74x74/dam/jcr:61f1201e-9643-4cc2-a0ed-6c08da5ae894/Service_Teaser_734x405_videoberatung.jpg!csrf": "bzi0Gw4wnAdsgIgZaCz4GmhbBnA",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-service-teaser-thumbnail-m/74x74/dam/jcr:d5738e1a-add5-4bef-80c3-bd08a134d0e6/Service_Teaser_734x405_corona.jpg!csrf": "-WrLih29OKSsvth6dXqxOMZusDE",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-service-teaser-thumbnail-m/74x74/dam/jcr:e8e43e17-f7ce-4866-8c45-d4648d89dcf1/Service_Teaser_734x405_autonotruf.jpg!csrf": "XmFYKmpeZ8__s1hgG3iu1rxc6z4",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/rl20-service-teaser-thumbnail-m/74x74/dam/jcr:ec99aad0-80a5-48dc-8822-bda15464595e/Service_Teaser_734x405_kontakt.jpg!csrf": "8VHmVQ-mSQa1KfmNNJ54k4T-I2M",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/stage-L/1100x400/dam/jcr:45923096-abe1-4c08-8eb0-e5a97b897505/tierhalter_hp_pferd_ruv_buehne_Stage_Large.jpg!csrf": "L75auebgjoe6b4Wz_dvMN5-gnsc",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/stage-L/1100x400/dam/jcr:c855757a-3cea-4460-a8e5-fd8523b14f1a/pferd_ruv.de_Stage_Large.png!csrf": "3HzW-96jqiukHe7de8U_QKr_K7M",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/stage-L/1100x400/dam/jcr:cbdb616b-6b35-4852-b60c-b2527004ee25/tierhalter_hp_hund_ruv_buehne_Stage_Large.jpg!csrf": "SVhZRKzKJZgBcCIJjk_WPd_gu1w",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/stage-L/1100x400/dam/jcr:d411e494-6ce1-464e-8289-ada800d9d435/handwerk-buehne-dach_Stage_Large.jpg!csrf": "laLFffuQ2pRrsFNIsf04k6luA7g",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/stage-L/1100x400/dam/jcr:dcfb5b24-e212-415e-8510-6fc2e17999e7/buehne-service.jpg!csrf": "kmLVQpZt8AZ2ONQ1Y_uLOp0nlZQ",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/teaser-small-L/284x142/dam/jcr:2936044e-06d5-4d7e-9451-4db2416358ee/pferd-insektenschutz-haube.jpg!csrf": "FjF1u3PNSjipVxyqo5p0OK5bezk",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/teaser-small-L/284x142/dam/jcr:4be73823-8e74-41c6-b13f-679682e9584f/anweiden-pferd-pony.jpg!csrf": "4SQe33btJFUvpqGYv2v17iDp-SY",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/teaser-small-L/284x142/dam/jcr:648a7372-9ebd-4dbe-ba02-0cab3c2cf864/zahprobleme-pferd-tierarzt.jpg!csrf": "cfhpBtJ29eOR73h3AZhGvhW5wgc",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/teaser-small-L/284x142/dam/jcr:a57ff1cb-da0d-4d69-86da-b08c8bfa0ee6/hundwelpe-kinder.jpg!csrf": "ZVuIOXvzrHpKdQvI_djJbaTLLlI",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/teaser-small-L/284x142/dam/jcr:a60ca345-77a2-4fa2-ac76-521e48c7603c/reitbegleithund-ausritt-wald.jpg!csrf": "GPXHxxgR-sdLo9Qdgmlw2xKFkk8",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/teaser-small-L/284x142/dam/jcr:aa85602e-def1-4208-b4d1-0090103c5bc4/reiturlaub-ponyhof.jpg!csrf": "cdhy-Ugd6ceManALV_KX1fOtJW8",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/teaser-small-L/284x142/dam/jcr:dbc3d822-a106-472a-bf0e-63f1eb6b74d0/pfoetchenknabbern-hund-tierarzt.jpg!csrf": "PDEMGcYyP6pAPowbBneSZ9nNQBM",

"AMWEBJCT!/wsj_mag!/.imaging/focalarea/teaser-small-L/284x142/dam/jcr:f9a7d85f-b009-443b-9080-67b92183ce34/hund-silvester-aengstlich.jpg!csrf": "KS-445RGdoQiAQwh_qB4a9VW5Hg",

"AMWEBJCT!/wsj_mag!/.imaging/responsive/dam/teaser-small-L/284x142/dam/jcr:26ca44b7-2edb-40ba-982e-3c5bfab6588e/57-11-2014-470795651-jpg!csrf": "D7cGRKJwtw_Wv0YbzfFJcJ72HiI",

"AMWEBJCT!/wsj_mag!/.imaging/responsive/dam/teaser-small-L/284x142/dam/jcr:543f3370-ae78-4515-8552-5a605e0e5a80/05-04-2015-178415745.jpg!csrf": "Ujminu6wkG9sQIdcx5HNFdAGKzo",

"AMWEBJCT!/wsj_mag!/.imaging/responsive/dam/teaser-small-L/284x142/dam/jcr:71283cfa-d666-4bd0-9384-22a2df4a6502/iStock-615106928-jpg!csrf": "NEmt-Bc0EySF9H4BjxC8CCNahyI",

"AMWEBJCT!/wsj_mag!/.imaging/responsive/dam/teaser-small-L/284x142/dam/jcr:9183425b-efdf-4a3c-a963-4f6e5bf9c5e7/03-11-2014-178491508-jpg!csrf": "lW_WakQ_rj9kjKkd_kY3D0ZqTms",

"AMWEBJCT!/wsj_mag!/.imaging/responsive/dam/teaser-small-L/284x142/dam/jcr:c97f682a-9ecd-4e17-a2de-d0f9d4671fed/77-11-2015-474167880-jpg!csrf": "452BAUfycYE11ciRMSoGOYHqz6w",

"AMWEBJCT!/wsj_mag!/.imaging/responsive/dam/teaser-small-L/284x142/dam/jcr:f653e36e-3de7-4300-a1a6-7e6c8259f345/17-12-2015-480757499-TeaserSmall-Large-jpg!csrf": "gW1Bt45kdOgSVSkdaCZMROHP63w",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/css/style.css!csrf": "tYIwzyNPCvxLCvk-zOC70Gj-8GE",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/fonts/FFMarselisforRuV-Bd.ttf!csrf": "VoiXpeEXBOJfvqYvj1H8RJtS_nE",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/fonts/FFMarselisforRuV.ttf!csrf": "76TwNjHD_SwGSAMOHrFKhZpqN4w",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/fonts/FFMarselisforRuVSlab-Bold.ttf!csrf": "nf-YXC8uSMjgHVE1EUWIpCj_42I",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/fonts/FFMarselisforRuVSlab.ttf!csrf": "AmD7OS_66VQ3DheKVOQk0n_JAkc",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/fonts/RuVIcon.ttf!csrf": "vWWY--SISuBsKiCpyORQiuPEe0U",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/icons/favicon.png!csrf": "sx5XWJP9VCQmHYjGZpWT8Tdn_oM",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/icons/favicon.svg!csrf": "N71z9bU8JuFnWsz1e6y_aucBdDg",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/logo_ruv.svg!csrf": "nEqQts3MmWgR7QgMgufD1N8M1Eo",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/logo.svg!csrf": "6AHouNuCnwfHrkSxmFcZIN8XuiU",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/mastercard.png!csrf": "aJ0IFtS8aBDYUaEDXDrJta_AJxY",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/paypal.png!csrf": "h6DrZZqPW3-20NoVQXz6C_OaAc0",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/sepa.png!csrf": "RKJN0NJ96HZDVdvffwvgKvLDgy4",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/social-toolbar/icon-blog.svg!csrf": "BVWl3xeQlza3A5usomLNi8DCu4w",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/social-toolbar/icon-facebook.svg!csrf": "q-zMEOU60pgHslZlEFJD5yhqgqE",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/social-toolbar/icon-newsroom.svg!csrf": "5nhbq1r6d7thbyf8XNZZwbgDj7k",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/social-toolbar/icon-twitter.svg!csrf": "2GxHHfOR2GqpYehCC-Yzit9FSNs",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/social-toolbar/icon-xing.svg!csrf": "cAEtRxB7T8346ZQ6HTbU7PuiXc0",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/images/visa.png!csrf": "F6s-vtEkKMq_bnz78o9ounqng9c",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/js/script.js!csrf": "ETseIeO5oktovNOGqSmQArG1AlA",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde-rl20/webresources/js/tracking.js!csrf": "xQp9aAbePDX-hDPVAbqssqZS6ao",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/css/bootstrap.css!csrf": "RhgMD73u6tQh9mjJvABgWNwzxCQ",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/css/box-model.css!csrf": "KLRi4LorMaecstaO_owBeDWdmCw",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/css/components.css!csrf": "6dKiQSX8P6bgVsJ2CaT9y4t0z14",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/css/hellofonts.css!csrf": "cOI_boE9EByTKTS3MZJlvdWEPuM",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/css/main.css!csrf": "8pqj939HI6AS-eIVaRYkCXQ5hgQ",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/css/template.css!csrf": "-uKlox1J7h2K6WcTv4IcVg7sEz4",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/fonts/2D53A7_0_0.woff2!csrf": "CG2OLsFUOTTcbTk8HygWma1xDgs",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/fonts/2D53A7_1_0.woff2!csrf": "aFLKx5BS6vgg2UR2amPkhPe5jDw",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/fonts/2D53A7_5_0.woff2!csrf": "1-mSQfXjUVmyVCKmZFjlXjzAeCo",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/fonts/2D53A7_7_0.woff2!csrf": "NEBkJ8Ty11MYlRSotovz5VBlVBg",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/fonts/iconfont.woff!csrf": "OQwc4ur6wJIsmpL9HaYZe2zewbo",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/images/genossen-logo.svg!csrf": "VBmmodi9GMH8ApWxV8CFn2dJ6MQ",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/images/icons/favicon.png!csrf": "L9fSijLFAvAPGFsnehSJXbrJYcI",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/images/icons/favicon.svg!csrf": "Ybj6xiia-ObgokqmMWmG6a7JGvQ",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/images/icons/social-toolbar/icon-blog.svg!csrf": "A7Q7s41s0_DRxWDpP52sHjw2Shg",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/images/icons/social-toolbar/icon-facebook.svg!csrf": "v9Pc50CXrtFKncJa47rLCuPs_ag",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/images/icons/social-toolbar/icon-newsroom.svg!csrf": "7zvprFGHk4F6WcixFoS-2Oyyr2s",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/images/icons/social-toolbar/icon-twitter.svg!csrf": "vFDFTduKz30kk9iaBADfS0ssIyM",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/images/icons/social-toolbar/icon-xing.svg!csrf": "s5XsBKvIVL_HvjCC-WDSAi1Ui4c",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/js/main.js!csrf": "MAMcMbjFElusClDSiPHXb3PNPx4",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/js/meineruv.config.js!csrf": "UnAv13IXrFgdjwLyzV5x5YtGrM8",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/js/navheader.js!csrf": "uPrre62Ft9ybbM6kTprIQc4fKAE",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/js/ruv.config.js!csrf": "ncRFGGcur6BzWMIMES5xraVWzVk",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/js/ruv.search.js!csrf": "glXvAJkyEppi2NV7U-Us9WYvPRc",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/js/scripts.min.js!csrf": "_Fem1Pd-QR-vgSOiV6peOlDOzrk",

"AMWEBJCT!/wsj_mag!/.resources/ruv-magnolia-ruvde/webresources/js/vendor.min.js!csrf": "nCF7ceIDIc1pq-CoHTG0_hqWcf8",

"AMWEBJCT!/wsj_mag!/dam/jcr:36801e65-f7fd-4159-a184-05d56e61a660/chip-vtv-oas.jpg!csrf": "rshU2J54afFXR9_xbVg2In9grHA",

"AMWEBJCT!/wsj_mag!/dam/jcr:69a00370-b74e-46a1-8a89-bdcd43c22e5a/ruv_focusmoney_kfz_fairster_leistungsregulierer_2021.jpg!csrf": "4y0apKN9IDXXbVafiFnXpT4eajE",

"AMWEBJCT!/wsj_mag!/dam/jcr:9bcda4f7-6399-4e9c-baa9-6fc2f814a707/wiwo-kundenvertrauen!csrf": "5qxWcwdvztyueAiCqZWZywPmxTE",

"AMWEBJCT!/wsj_mag!/dam/jcr:9bcda4f7-6399-4e9c-baa9-6fc2f814a707/wiwo-kundenvertrauen.png!csrf": "KcCuP_yHMcDQZip3u_GonUCTsB8",

"AMWEBJCT!/wsj_mag!/dam/jcr:9e7d348c-9d75-4cd8-84a6-58ef4f23c1d0/KwK_Hausrat_retuschiert.jpg!csrf": "UgN3P3y-afC0usLQXEUbLEhrJdQ",

"AMWEBJCT!/wsj_mag!/dam/jcr:a4540cfb-4bb1-4b1d-a69e-2ae2a9edd4cf/FocusMoneyFairsterSchadenreguliererHausrat.jpg!csrf": "rlRaadiytMEL-kxjv1FCqmDEpuU",

"AMWEBJCT!/wsj_mag!/dam/jcr:a84c96e5-8fd1-4048-b174-c74232e5e352/chip-vtv-oas!csrf": "XDMKPqB20hGxOlCSPHs8x3zKHI0",

"AMWEBJCT!/wsj_mag!/dam/jcr:d1491fe3-c293-4eec-8037-c9b65ee3d2c3/icon_reitunterricht.jpg!csrf": "Qqaj30u6swj-RO-n9CKrAq-uMN8",

"AMWEBJCT!/wsj_mag!/dam/jcr:d7f1a6ef-857b-41b6-b186-eabea79af7aa/tuv-rheinland-bq.png!csrf": "Xc_VVW6EE1p1L8TezcoOW4LL2gI",

"AMWEBJCT!/wsj_mag!/dam/jcr:e6006db4-ba5b-4e97-a05a-a8bb2fccf387/handwerk_branche_visual_blue.png!csrf": "sieH0qhDhQcABzHVmD3HMgTC9aI",

"AMWEBJCT!/wsj_mag!/dam/jcr:f3c4b709-0b97-43c4-b53c-1971a86274a7/FoMo_FairsterLeistungsregulierer_Private_KKV.jpg!csrf": "Z_erb_a1fRME1j-9CL5JDWXOg2g",

"AMWEBJCT!/wsj_mag!/Fehler404!csrf": "UnKmRBdUyUSR6jYDRyVtKhMDkfI",

"AMWEBJCT!/wsj_mag!/firmenkunden/handwerk!csrf": "SdyU4_iMs9bt7EnpKOLWAjnnR9U",

"AMWEBJCT!/wsj_mag!/home/!csrf": "0EsTa_aqeUYovapuvHJPlRatclA",

"AMWEBJCT!/wsj_mag!/privatkunden/freizeit-tier/pferdeversicherung!csrf": "9qNvLY5BK_Cms4o9ueZR-yPHThI",

"AMWEBJCT!/wsj_mag!/privatkunden/freizeit-tier/pferdeversicherung/abschluss!csrf": "P0p6R8L4b-zVXXR9XF1gIjuzHcs",

"AMWEBJCT!/wsj_mag!/privatkunden/haftpflichtversicherung/hundehalterhaftpflicht!csrf": "3wZGtibqH5PyajsvzL17CSyPmeI",

"AMWEBJCT!/wsj_mag!/privatkunden/haftpflichtversicherung/pferdehalterhaftpflicht!csrf": "AGhOf6PMPvJTQyVjX6q70bYj-2Y",

"AMWEBJCT!/wsj_mag!/service/kontakt!csrf": "4YN2wmY8Ww-yZJ_tboUUUGZpI3c",

"PD_STATEFUL_2cf9f99c-0022-0017-8080-15dde9ae831d": "/wsj_mag",

"PD_STATEFUL_b6623746-0022-0024-8080-079eb3cac8e0": "/wsj_mag",

"PD-H-SESSION-ID-01-1": "1_4_0_DlvzvQf2vBEH7b4DctFF95mNSAfsv8ze9PyWDeya6NSV4SsP",

"PD-H-SESSION-ID-01-2": "1_4_0_pSthhlZ7rIr9bn-ZW4FBDLjDLd0f7Nl6ra9oDvZtexSC6PIK",

"PD-H-SESSION-ID-02-1": "1_4_0_OdmmusLj4cJvDq8d-FRazr6htV0W-jPXieAE7Zg6Iz-mBp53",

"PD-H-SESSION-ID-02-2": "1_4_0_nNO0TA1kOVyR9jYycgzVPoXClGljeH5S6vKt96UEAmI4ixXs",

"QSI_HistorySession": "[https://stest.ruv.de/home/~1632993819769|https://stest.ruv.de/privatkunden/freizeit-tier/pferdeversicherung~1632994883844|https://stest.ruv.de/service/kontakt~1632994996496|https://stest.ruv.de/home/~1632995006373|https://stest.ruv.de/firmenkunden/handwerk~1632995034403|https://stest.ruv.de/privatkunden/haftpflichtversicherung/pferdehalterhaftpflicht~1632995044831|https://stest.ruv.de/privatkunden/haftpflichtversicherung/hundehalterhaftpflicht~1632995173901|https://stest.ruv.de/home/~1632993819769%7Chttps:/stest.ruv.de/privatkunden/freizeit-tier/pferdeversicherung~1632994883844%7Chttps:/stest.ruv.de/service/kontakt~1632994996496%7Chttps:/stest.ruv.de/home/~1632995006373%7Chttps:/stest.ruv.de/firmenkunden/handwerk~1632995034403%7Chttps:/stest.ruv.de/privatkunden/haftpflichtversicherung/pferdehalterhaftpflicht~1632995044831%7Chttps:/stest.ruv.de/privatkunden/haftpflichtversicherung/hundehalterhaftpflicht~1632995173901]",

"tws_camp": "\{\"medium\":\"(none)\",\"source\":\"(direct)\"}",

"tws_session": "1632995173206_0.26915922276546245"

      Workaround

      • we configurated bypasses in  /server/filters/csrfTokenSecurity/bypasses for some pathes e.g. /dam, /.resources und /.imaging

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            is cloned by

            Improvement - An improvement or enhancement to an existing feature or task. MAGNOLIA-8210 Review CSRF filter implementations and bypasses

            • Neutral -
            • Closed
            is related to

            Improvement - An improvement or enhancement to an existing feature or task. MAGNOLIA-8150 CsrfTokenSecurityFilter could create cookie only for text/html requests

            • Neutral -
            • Closed
            relates to

            Improvement - An improvement or enhancement to an existing feature or task. MAGNOLIA-8150 CsrfTokenSecurityFilter could create cookie only for text/html requests

            • Neutral -
            • Closed
            mentioned in

            Page Loading...

            Activity

              People

                mduerig Michael Duerig
                mgeljic Mikaël Geljić
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD