Details
Bug
Status: Closed
Major
Resolution: Fixed
Description
As far as I can tell, JSPWIKI currently lacks protection against Cross-Site Request Forgery (CSRF). Are there plans (or previous work) to add, for example, some additional session token to prevent CSRF?
I'm willing to contribute here, but some general discussion about how and where to implement this would be helpful.
More info about CSRF here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet