Re: [Cppcms-users] Suggestion: warn if csrf enabled but missing
From: Artyom B. <art...@ya...> - 2012-04-26 14:59:34
Such a feature would require parsing HTML and it may not even be possible when, for example, the form is rendered from different locations.

I thought about it, even thought how to automatize the process, but it does not seem to be feasible.

Also note, if the form update fails you should see a notice about it in logs.

Artyom Beilis
--------------
CppCMS - C++ Web Framework: http://cppcms.com/
CppDB - C++ SQL Connectivity: http://cppcms.com/sql/cppdb/

----- Original Message -----
> From: "ele...@ex..." <ele...@ex...>
> To: cpp...@li...
> Cc:
> Sent: Thursday, April 26, 2012 5:47 AM
> Subject: [Cppcms-users] Suggestion: warn if csrf enabled but missing
>
> Hi,
>
> This is just a suggestion -
>
> I just spent about 20 minutes trying to figure out why I get forbidden
> error(302) while trying to load context() into a rather complex form. And
> I completely forgot about adding <% csrf %> to the form.
>
> It would be great if a warning was logged that csrf is enabled but token
> is missing.
>
> Thanks,
> Petr