  1. XWiki Infrastructure
  2. XINFRA-260

Document the CSRF module on e.x.o

Details

    • Task
    • Resolution: Unresolved
    • Major
    • www.xwiki.org
    • None
    • Unknown

    Description

      And explain the XWiki strategy, i.e. when we use CSRF protection and when we don't (we might need to agree about this first).

      Example: Have CSRF protection whenever there are forms which modify things in XWiki. Don't add CSRF protection for forms that don't modify things (such as XAR export).

      Also need to update https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Security#HCrosssiterequestforgery28CSRF29 which is completely wrong...

          People

            Unassigned Unassigned
            vmassol Vincent Massol