  1. XWiki Infrastructure
  2. XINFRA-260

Document the CSRF module on e.x.o

    Details

    • Type: Task
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: www.xwiki.org
    • Labels: None
    • Difficulty: Unknown

      Description

      And explain the XWiki strategy, i.e. when we use CSRF protection and when we don't (we might need to agree about this first).

      Example: Have CSRF protection whenever there are forms which modify things in XWiki. Don't add CSRF protection for forms that don't modify things (such as XAR export).

      Also need to update https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Security#HCrosssiterequestforgery28CSRF29 which is completely wrong...

            People

            Assignee: Unassigned
            Reporter: Vincent Massol (vmassol)
            Votes: 0
            Watchers: 1

              Dates

              Created:
              Updated: