Module Id

jahia-csrf-guard

Group Id

org.jahia.modules

Updated

2025-05-05

Requires Jahia

8.1.7.0

Author

JSG

Category

Tools and Utilities

Status

SUPPORTED

Visit developer's website

Jahia CSRF Guard

security

Download (4.2.0)

This module will add CSRF token protection on all calls to a Jahia Action. It's based on the OWASP CSRFGuard library.

Dependencies & Dependants

Dependencies

NONE

Dependants

NONE

Changelog 4.2.0

Improvements

CSRF Guard is now disabled by default. This can be enabled using the jahia.csrf-guard.bypassForGuest property for organizations that need it
Updated the module to OWASP www-project-csrfguard v4.5.0 (latest version at the time of release). Notable changes include:
- Improve URL normalization to allows URLs with protocol and server name
- Introduced a tag mechanism to support client-side caching of jahia-csrf-guard's javascript
Replaced 'unload' event usage by 'pagehide' for registering cleanup operations, which helps improve pagespeed scores
Updated the module to use console.debug() instead of alert() to lower end-user disruptions

Misc

Removed unused dependency and upgraded jahia parent to 8.1.7.0
Removed Spring bean definition to migrate to OSGI including configuration
Updated comments explaining usage of cacheControlTagged in csrfguard-jahia.properties file

FAQ

See https://academy.jahia.com/training-kb/knowledge-base/csrf-error-on-custom-action