Default to Xor CSRF protection #11960

Closed

Closed

Default to Xor CSRF protection#11960

Assignees

Labels

in: webtype: breaks-passivity

Milestone

We should default to Xor CSRF tokens in 6.0:

Use XorCsrfTokenRequestAttributeHandler in CsrfFilter
Use XorServerCsrfTokenRequestAttributeHandler in CsrfWebFilter

Related gh-4001

Metadata

Assignees

sjohnr

Labels

in: webtype: breaks-passivity

Type

No type

Projects

No projects

Milestone

6.0.0-RC1

Relationships

None yet

Development

No branches or pull requests