Jahia CSRF Guard
Module Id: jahia-csrf-guard
Group Id: org.jahia.modules
Updated:
Requires Jahia: 8.1.7.0
Author: JSG
Category: Tools and Utilities
Status: SUPPORTED

Jahia CSRF Guard

security

This module adds CSRF token protection to all calls to a Jahia Action. It is based on the OWASP CSRFGuard library.

Dependencies & Dependants

Dependencies
  • NONE
Dependants
  • NONE

Changelog 4.2.0

Improvements

  • CSRF Guard is now disabled by default. This can be enabled using the jahia.csrf-guard.bypassForGuest property for organizations that need it.
  • Updated the module to OWASP www-project-csrfguard v4.5.0 (latest version at the time of release). Notable changes include:
    • Improved URL normalization to allow URLs with protocol and server name
    • Introduced a tag mechanism to support client-side caching of jahia-csrf-guard's JavaScript
  • Replaced 'unload' event usage with 'pagehide' for registering cleanup operations, which helps improve page speed scores
  • Updated the module to use console.debug() instead of alert() to reduce end-user disruption

Misc

  • Removed an unused dependency and upgraded the Jahia parent to 8.1.7.0
  • Removed the Spring bean definition to migrate to OSGi, including configuration
  • Updated the comments explaining the usage of cacheControlTagged in the csrfguard-jahia.properties file

FAQ

See https://academy.jahia.com/training-kb/knowledge-base/csrf-error-on-custom-action