| title | layout | tab | order | tags |
|---|---|---|---|---|
News |
true |
2 |
csrfguard |
We are working on new version of CSRFGuard including a lot of merge request with goood proposals and also a new code to fix known issues on XSS attacks that bypass CSRFGuard.
We need your help. If you want to give few hours of your time to help us please contact me.
An important security fix has been applied to the CSRFGuard version 3.0.
Do a token pre-fetch on every page.
Instead of hard coding the CSRF token, we send a POST request to fetch the token and populate the JS variable.
Thanks to Ahamed Nafeez [email protected] for this fix.