
View Revisions: Issue #51321
Summary 0051321: Improve CSRF coverage to cover some missing POST requests
Revision 2024-01-25 10:57 by AugustoMauch
Steps To Reproduce:
Open WebPOS
Change the role.
Notice that no CSRF token is included, but the POST request is processed with success (see image)
Revision 2024-01-25 10:57 by AugustoMauch
Description: POST requests of action handlers covered by KernelServlet are not checking the CSRF token (i.e. change of role from WebPOS).

A CSRF token check should be added here [1].

[1] https://gitlab.com/openbravo/product/openbravo/-/blob/master/modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/KernelServlet.java#L291
Revision 2023-12-21 14:13 by AugustoMauch
Steps To Reproduce: TO BE DONE
Revision 2023-12-21 14:13 by AugustoMauch
Description: TO BE DONE

