Module Id
jahia-csrf-guard
Group Id
org.jahia.modules
Updated
Requires Jahia
8.1.7.0
Author
JSG
Category
Tools and Utilities
Status
SUPPORTED

Jahia CSRF Guard

security

This module will add CSRF token protection on all calls to a Jahia Action. It's based on the OWASP CSRFGuard library.

Dependencies & Dependants

Dependencies
  • NONE
Dependants
  • NONE

Changelog 4.2.0

Improvements

  • CSRF Guard is now disabled by default for unauthenticated users (guest). In most cases, CSRF Guard is not necessary when users are not authenticated. If you need to change that behavior, it can be enabled using the jahia.csrf-guard.bypassForGuest property (true by default).
  • Updated the module to OWASP www-project-csrfguard v4.5.0 (latest version at the time of release). Notable changes include:
    • Improved URL normalization to allow URLs with protocol and server name
    • Introduced a tag mechanism to support client-side caching of jahia-csrf-guard's JavaScript
  • Replaced 'unload' event usage with 'pagehide' for registering cleanup operations, which helps improve pagespeed scores
  • Updated the module to use console.debug() instead of alert() to reduce end-user disruption

Misc

  • Removed unused dependency and upgraded jahia parent to 8.1.7.0
  • Removed the Spring bean definition to migrate to OSGi, including configuration
  • Updated comments explaining usage of cacheControlTagged in csrfguard-jahia.properties file

FAQ

See https://academy.jahia.com/training-kb/knowledge-base/csrf-error-on-custom-action