users@jersey.java.net

[Jersey] CSRF filter not safe?

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: cowwoc <cowwoc_at_bbs.darktech.org>
Date: Wed, 04 Jun 2014 20:33:15 -0400

According to http://security.stackexchange.com/a/23373/5002 the CSRF
filter that ships with Jersey might not be safe, or not very much
longer. Perhaps it's worth adding a warning to the Javadoc and/or
enhancing the implementation?

Gili

This message: [ Message body ]
Next message: Sathyakumar: "[Jersey] Re: Help with SE deployment on non-default context"
Previous message: cowwoc: "[Jersey] Re: Action-based MVC in JAX-RS.next?"
Next in thread: Miroslav Fuksa: "[Jersey] Re: CSRF filter not safe?"
Reply: Miroslav Fuksa: "[Jersey] Re: CSRF filter not safe?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]