tomcat-users mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: CsrfPreventionFilter
Date Fri, 04 Mar 2011 09:42:48 GMT
On 04/03/2011 09:35, spring@gmx.eu wrote:
> Hi,
> 
> 2 questions:
> 
> 1. Are there any plans to implement wildcard (e.g. ANT-like) matching for
> the entrypoints of the CsrfPreventionFilter?
> 
> I have several static resources like css, images etc. which do not need a
> nonce and I really cannot list all of them explicitly. The main problem is
> urls in css files which are editable by the customer.

Not at the moment. It should be easy enough to add 'entryPointPattern'
or similar. Another option would be not to map the filter to /* but how
easy that approach is will depend on how complex the url scheme is.

> 2. Are there any plans to make the nonce-parameter name configurable?

Not at the moment. Should be simple to do if required.

For both of these, enhancement requests in Bugzilla are the way to go.
Enhancement requests that include patches tend to get looked at faster.
If you need some pointers on building Tomcat / writing the patch just ask.

Mark
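
The "do not map the filter to /*" option from the reply above, sketched as a web.xml fragment. This is an added example, not part of the original message or of Tomcat's documentation. The filter name, the /app/ prefix, the entry point paths and the static directories are assumptions; the filter class and the entryPoints parameter are Tomcat's own.

```xml
<!-- Added example: all paths and the filter name are hypothetical. -->
<filter>
  <filter-name>csrfFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class>
  <init-param>
    <!-- Comma-separated URLs that may be requested without a nonce. -->
    <param-name>entryPoints</param-name>
    <param-value>/app/index.jsp,/app/login.jsp</param-value>
  </init-param>
</filter>

<!-- Broad mapping: every request, including each stylesheet and image,
     needs a nonce unless it is listed explicitly in entryPoints.
<filter-mapping>
  <filter-name>csrfFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
-->

<!-- Narrow mapping: only the dynamic part of the application is checked.
     Static content under /css/ and /images/ has no mapping, so it is
     served without a nonce and needs no entry point. -->
<filter-mapping>
  <filter-name>csrfFilter</filter-name>
  <url-pattern>/app/*</url-pattern>
</filter-mapping>
```

Anything outside the mapped prefix gets no CSRF check at all, so this only works if every state-changing URL lives under /app/. A URL in customer-edited CSS that points into /app/ would still be requested without a nonce and rejected unless it is an entry point.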
