wicket-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Entropy <blmulholl...@gmail.com>
Subject CSRF Tokens
Date Fri, 09 Feb 2018 20:27:15 GMT
One of our apps just underwent a security scan, and they complained about
Cross-Site Request Forgery (CSRF) vulnerability.  Yet, i went to google and
found this:

https://issues.apache.org/jira/browse/WICKET-1782

Which seems to say that CSRF was fixed in 1.4 of Wicket.  We're mostly on
1.6.  Is there something we have to do to "turn on" Wicket's CSRF token?  

--
Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org


Mime
View raw message