wicket-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Entropy <blmulholl...@gmail.com>
Subject CSRF Tokens
Date Fri, 09 Feb 2018 20:27:15 GMT
One of our apps just underwent a security scan, and they complained about
Cross-Site Request Forgery (CSRF) vulnerability.  Yet, i went to google and
found this:


Which seems to say that CSRF was fixed in 1.4 of Wicket.  We're mostly on
1.6.  Is there something we have to do to "turn on" Wicket's CSRF token?  

Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html

To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

View raw message