| View Revisions: Issue #51321 | ||
| Summary | 0051321: Improve CSRF coverage to cover some missing POST requests | ||
| Revision | 2024-01-25 10:57 by AugustoMauch | ||
| Steps To Reproduce | Open WebPOS. Change the role. Notice that no CSRF token is included, but the POST request is processed with success (see image). | ||
| Revision | 2024-01-25 10:57 by AugustoMauch | ||
| Description | POST requests of action handlers covered by KernelServlet are not checking the CSRF token (i.e. change of role from WebPOS). A CSRF token check should be added here [1]. [1] https://gitlab.com/openbravo/product/openbravo/-/blob/master/modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/KernelServlet.java#L291 | ||
| Revision | 2023-12-21 14:13 by AugustoMauch | ||
| Steps To Reproduce | TO BE DONE | ||
| Revision | 2023-12-21 14:13 by AugustoMauch | ||
| Description | TO BE DONE | ||