This week's book giveaway is in the Big Data forum.
We're giving away four copies of Elasticsearch in Action and have Radu Gheorghe & Matthew Lee Hinman on-line!
See this thread for details.
The moose likes Servlets and the fly likes Cross Site Request Forgery Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Elasticsearch in Action this week in the Big Data forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Cross Site Request Forgery" Watch "Cross Site Request Forgery" New topic

Cross Site Request Forgery

Parminder Dhillon

Joined: Dec 19, 2007
Posts: 5

I am using owasp cross site request forgery guard(CSRFGuard) in one of my web based application.But its implementation is not proper in many pages where i use sendReditect means i redirect application to other page and alson in those pages where i use or window.location

David O'Meara

Joined: Mar 06, 2001
Posts: 13459

Do you have a question?
Parminder Dhillon

Joined: Dec 19, 2007
Posts: 5
Yes my qustion is what to do in that case when redirecting to other page and we are using Cross site Request forger guard.As my application gives error in that case.
Jeanne Boyarsky
author & internet detective

Joined: May 26, 2003
Posts: 31577

Originally posted by Parminder Dhillon:
where i use or window.location

It's an open source filter. You can add to the code to include looking for javascript actions/urls and add the token that way.

[OCA 8 book] [Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
subject: Cross Site Request Forgery