tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <spr...@gmx.eu>
Subject CsrfPreventionFilter
Date Fri, 04 Mar 2011 09:35:55 GMT
Hi,

2 questions:

1. Are there any plans to implement wildcard (e.g. ANT-like) matching for
the entrypoints of the CsrfPreventionFilter?

I have several static ressources like css, images etc. which do not need a
nonce and I really cannot list all of them explicitly. The main problem are
urls in css files which are editable by the customer.

2. Are the any plans to make the nonce-parameter name configurable?

Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message