[MAGNOLIA-8226] DOC: Update CSRF filter implementation Created: 16/Nov/21 Updated: 19/Jan/22 Resolved: 19/Jan/22 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | 6.2.14 |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Ashraf Khamis | Assignee: | Ashraf Khamis |
| Resolution: | Done | Votes: | 0 |
| Labels: | csrf | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Template: |
|
||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||
| Task DoR: |
Empty
|
||||||||||||||||
| Sprint: | Nucleus 1, Nucleus 2 | ||||||||||||||||
| Story Points: | 5 | ||||||||||||||||
| Description |
|
From Mika: The CSRF security section only mentions the referer-based CsrfSecurityFilter. There's nothing about CsrfTokenSecurityFilter, which will potentially change with We should overhaul that section once |
| Comments |
| Comment by Ashraf Khamis [ 19/Jan/22 ] |
|
Created a new CsrfCookieTokenFilter and CsrfSessionTokenFilter section and completely revamped the entire CSRF security section as a result. Reviewed by Michael. |