[MAGNOLIA-8226] DOC: Update CSRF filter implementation
Created: 16/Nov/21  Updated: 19/Jan/22  Resolved: 19/Jan/22

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: 6.2.14
Fix Version/s: None

Type: Task
Priority: Neutral
Reporter: Ashraf Khamis
Assignee: Ashraf Khamis
Resolution: Done
Votes: 0
Labels: csrf
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to MAGNOLIA-8210 Review CSRF filter implementations an... Closed
documentation
documents MAGNOLIA-8210 Review CSRF filter implementations an... Closed
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Sprint: Nucleus 1, Nucleus 2
Story Points: 5

 Description   

From Mika:

The CSRF security section only mentions the referer-based CsrfSecurityFilter. There's nothing about CsrfTokenSecurityFilter, which will potentially change with MAGNOLIA-8210.

We should overhaul that section once MAGNOLIA-8210 is done. The history of CSRF implementation in Magnolia has been consolidated at https://wiki.magnolia-cms.com/display/ARCHI/2021-10-18+CSRF+concept+review.



 Comments   
Comment by Ashraf Khamis [ 19/Jan/22 ]

Created a new CsrfCookieTokenFilter and CsrfSessionTokenFilter section and completely revamped the entire CSRF security section as a result.

Reviewed by Michael.
