To: "'Tomcat Users List'"
Subject: CsrfPreventionFilter
Date: Fri, 4 Mar 2011 10:35:55 +0100

Hi,

2 questions:

1. Are there any plans to implement wildcard (e.g. ANT-like) matching for the entrypoints of the CsrfPreventionFilter? I have several static resources like css, images etc. which do not need a nonce and I really cannot list all of them explicitly. The main problem is URLs in css files which are editable by the customer.

2. Are there any plans to make the nonce-parameter name configurable?

Thank you.