zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-02 13:07:50 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/java/google/registry/security
History
guyben da5a8796b8 Allow XSRF to be sent as POST parameter in addition to HTML header 
HTML headers can only be sent via JS, we need this change to allow
secure POST form submission.

The form itself will have a hidden "input" tag  with the XSRF token in it. This
is how other framework do it as well - see
https://en.wikipedia.org/wiki/Cross-site_request_forgery#Synchronizer_token_pattern

This is in preparation for the OT&E setup page, which will be a simple form
with a "submit" button, so using JS for it is overkill.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=226178070
2018-12-20 07:46:33 -05:00
..
BUILD Improve internal build system speed 2018-06-27 15:28:52 -04:00
JsonHttp.java Migrate to Flogger (green) 2018-05-30 12:18:54 -04:00
JsonResponseHelper.java Remove unnecessary generic type arguments 2017-11-21 18:17:31 -05:00
package-info.java Update copyright year on all license headers 2017-02-02 16:27:22 -05:00
XsrfTokenManager.java Allow XSRF to be sent as POST parameter in addition to HTML header 2018-12-20 07:46:33 -05:00