View Revisions: Issue #51321 | ||
Summary | 0051321: Improve CSRF coverage to cover some missing POST requests | ||
Revision | 2024-01-25 10:57 by AugustoMauch | ||
Steps To Reproduce | Open WebPOS. Change the role. Notice that no CSRF token is included, but the POST request is processed with success (see image). | ||
Revision | 2024-01-25 10:57 by AugustoMauch | ||
Description | POST requests of action handlers covered by KernelServlet are not checking the CSRF token (i.e. change of role from WebPOS). A CSRF token check should be added here [1]. [1] https://gitlab.com/openbravo/product/openbravo/-/blob/master/modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/KernelServlet.java#L291 | ||
Revision | 2023-12-21 14:13 by AugustoMauch | ||
Steps To Reproduce | TO BE DONE | ||
Revision | 2023-12-21 14:13 by AugustoMauch | ||
Description | TO BE DONE |