Hi,
You can get the CSRF token name and value using the following methods, then post them together with the other data.
The SecurityUtil.getCsrfTokenName and SecurityUtil.getCsrfTokenValue methods allow you to retrieve the token. You can implement a secure API to retrieve it and use it in your project.
If you still want to disable it, you can change the value of "org.owasp.csrfguard.Enabled" to false in the Owasp.CsrfGuard.properties file under "[tomcat directory]/webapps/jw/WEB-INF/classes".
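For anyone auditing a deployment for the switch mentioned above, here is an added example (not part of the original thread and not Joget's own code) that parses the text of an Owasp.CsrfGuard.properties file and reports whether org.owasp.csrfguard.Enabled leaves CSRF validation on. The sample file contents are constructed, and treating any value other than true as disabled is an assumption.

```python
import re

PROP = "org.owasp.csrfguard.Enabled"  # property named in the answer above

def parse_properties(text):
    """Minimal Java .properties parser: skips # and ! comments, accepts
    '=', ':' or whitespace separators, joins backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.lstrip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        # An odd number of trailing backslashes continues onto the next line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending = line[:-1]
            continue
        m = re.match(r"((?:\\.|[^\s=:\\])+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()  # last definition wins
    return props

def csrf_findings(text):
    """Return a list of findings; an empty list means the switch is on."""
    value = parse_properties(text).get(PROP)
    if value is None:
        return [f"{PROP} is not set; confirm the effective default"]
    # Assumption: anything other than "true" is treated as disabled.
    if value.lower() != "true":
        return [f"{PROP} = {value!r}: CSRF validation is switched off"]
    return []

# Constructed sample: the commented-out line would fool a plain text search.
SAMPLE_DISABLED = """\
# CSRF settings
#org.owasp.csrfguard.Enabled = true
org.owasp.csrfguard.Enabled = false
"""
SAMPLE_ENABLED = "org.owasp.csrfguard.Enabled=true\n"

if __name__ == "__main__":
    for name, sample in [("disabled", SAMPLE_DISABLED), ("enabled", SAMPLE_ENABLED)]:
        print(name, csrf_findings(sample) or "OK")
```

To check a real installation, pass the contents of the properties file under "[tomcat directory]/webapps/jw/WEB-INF/classes" to csrf_findings.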
Owen Ong Hi Owen, I have a recent problem with the CSRF token in Joget. I hope you can help me understand what is going on. The CSRF is exposed on the client side at the login page, but once it is sent to the server it is not being validated. Do you know if enabling the flag at the path you provided before, [tomcat directory]/webapps/jw/WEB-INF/classes, will solve the issue? If that is not the case, you mentioned something about making use of the SecurityUtil import to retrieve the token: SecurityUtil.getCsrfTokenName and SecurityUtil.getCsrfTokenValue.
I guess this is server-side validation. Are there any ways to handle this in Joget? I'm fairly new at using the tool, but I don't know how to interact with the server part to call this Java SecurityUtil library. Do you know if this needs to be handled by a custom plugin, or is there a particular way to retrieve the server-side configuration within the server?
Thanks in advance.
Current Joget Version > Joget DX 7
Hi,