Latest JAS v1.1.0

144 plugins online

Add CSRF prevention support

JAS16JAN006

Project

Reported

Rank

3

Cross-Site Request Forgery (CSRF) are request to the server initiated from other websites. Allowing this is potentially dangerous as the request piggybacks on the existing session on the server if it's ran from the same browser (imagine 2 tabs, 1 logged in on the server, the other with a malicious site that sends a request to the server). The most suitable way to prevent this seems to be Synchronizer Token Pattern (STP) which effectively requires a unique token to be sent...

Report issues

We're currently not allowing issue reporting directly via ITS. Please use the feedback form to submit your issues.

Issues

Easier API request - 7 years ago
Trim values - 7 years ago
Figure out what to do with control field names - 7 years ago
Remove .htaccess files - 7 years ago
Plugin static data - 7 years ago

Show all issues

Updates

Issue updated Workflow: Open => Closed - 5 years ago
Issue updated ID: JAS15NOV002 => JAS16DEC001 Workflow: Open => Closed Fixed in changeset: 0... - 7 years ago
Issue updated ID: JAS16JUL001 => JAS16SEP001 Workflow: Open => Closed Fixed in changeset: 0... - 7 years ago
Added notrim property, removed old trim property - 7 years ago
Issue updated ID: JBE15JUL004 => JBE16SEP001 Workflow: Open => Closed Fixed in changeset: 0... - 7 years ago