tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject CsrfPreventionFilter
Date Fri, 04 Mar 2011 09:35:55 GMT

2 questions:

1. Are there any plans to implement wildcard (e.g. ANT-like) matching for
the entrypoints of the CsrfPreventionFilter?

I have several static ressources like css, images etc. which do not need a
nonce and I really cannot list all of them explicitly. The main problem are
urls in css files which are editable by the customer.

2. Are the any plans to make the nonce-parameter name configurable?

Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message