Uploaded image for project: 'Application Server 7'
  1. Application Server 7
  2. AS7-2383

Implement CSRF Protection for HTTP Interface

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Critical
    • None
    • None
    • Domain Management, Security
    • None

    Description

      For the HTTP interface we need some form of cross site request forgery protection to cover scenarios where an administrator has already authenticated against AS so the web browser has cached credentials - we need to prevent malicious requests from the same web browser.

      Attachments

        Issue Links

          duplicates

          Task - Represents a small unit of work that is not end-user facing. AS7-2400 Prevention of CSRF reqeusts being accepted and disabling cross-origin resource sharing for the HTTP interface

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              darran.lofthouse@redhat.com Darran Lofthouse
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: