[MGNLSSO-28] Make sure Magnolia does CSRF, as pac4j CSRF is disabled Created: 08/May/20 Updated: 07/Jul/20 Resolved: 11/May/20 |
|
| Status: | Closed |
| Project: | Single Sign On |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.0 |
| Type: | Task | Priority: | Neutral |
| Reporter: | Maxime Michel | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoR: |
Empty
|
| Epic Link: | Magnolia SSO w/ pac4j |
| Description |
|
I disabled pac4j CSRF during development as it was getting in my way. I believe Magnolia does CSRF, but it needs to be double-checked. |
| Comments |
| Comment by Maxime Michel [ 11/May/20 ] |
|
Magnolia indeed does CSRF out of the box: https://documentation.magnolia-cms.com/display/DOCS62/Filters#Filters-CSRFsecurity |