Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-8232

Intercept login redirects to reduce bypasses for the login-CSRF filter

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Neutral
    • None
    • None
    • core

    Description

      There is a number of configured bypasses for the CSRFTokenFilter. Within MAGNOLIA-8210 mgeljic brought up the idea to intercept login redirects for getting rid of some of these bypasses. Within this ticket we should:

      • Clarify the approach envisioned by mgeljic
      • Implement a POC
      • Productise the POC if it bring enough value

      Implementation note: may we can use security callbacks?

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            split from

            Improvement - An improvement or enhancement to an existing feature or task. MAGNOLIA-8210 Review CSRF filter implementations and bypasses

            • Neutral -
            • Closed

            Activity

              People

                mduerig Michael Duerig
                mduerig Michael Duerig
                Foundation
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:

                  Checklists

                    Task DoD