Hi,
2 questions:
1. Are there any plans to implement wildcard (e.g. ANT-like) matching for
the entrypoints of the CsrfPreventionFilter?
I have several static ressources like css, images etc. which do not need a
nonce and I really cannot list all of them explicitly. The main problem are
urls in css files which are editable by the customer.
2. Are the any plans to make the nonce-parameter name configurable?
Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|