I have implemented CSRF Guard in my web application. It's working fine for GET requests (with AJAX and without AJAX); however, for POST requests the token is not getting injected into the request, which is why CSRF Guard is throwing an exception: Token is missing in the request.

My question here is:

  1. Does CSRF Guard inject the token into POST requests or not? If yes, what do I have to look for to make it work?
  2. Do I have to change my POST requests to make them work with CSRF Guard? (Save the token into hidden fields and use it for POST requests.)

Please let me know your points if you know about it. Thanks.

SK.

1 Answer

As far as I know, you only need to set the following property in the csrfguard.properties file to make it work for the given methods:

org.owasp.csrfguard.ProtectedMethods=POST,PUT,DELETE,GET

You can try injecting the token using the JSP tag library if JavaScript DOM manipulation is not working on that page. More details can be found here.

Sarneet Kaur
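An added example, not part of the answer above or of the CSRFGuard project: a Python check that parses a page's rendered HTML and lists the forms whose method is protected but which carry no token, which is the symptom described in the question. It assumes the token parameter is named OWASP_CSRFTOKEN (whatever org.owasp.csrfguard.TokenName is set to in your configuration); the function names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: must match org.owasp.csrfguard.TokenName in csrfguard.properties.
TOKEN_NAME = "OWASP_CSRFTOKEN"


class FormTokenAudit(HTMLParser):
    """Record every <form> with its method, action and whether it carries the token."""

    def __init__(self, token_name=TOKEN_NAME):
        super().__init__()
        self.token_name = token_name
        self.forms = []
        self._current = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            action = a.get("action", "")
            self._current = {
                "action": action,
                "method": (a.get("method") or "get").upper(),  # HTML default is GET
                # The token may also be appended to the action URL as a parameter.
                "has_token": (self.token_name + "=") in action,
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            hidden = a.get("type", "").lower() == "hidden"
            if hidden and a.get("name") == self.token_name and a.get("value"):
                self._current["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def unprotected_forms(html, protected_methods=("POST",), token_name=TOKEN_NAME):
    """Return the actions of forms that use a protected method but have no token."""
    audit = FormTokenAudit(token_name)
    audit.feed(html)
    return [f["action"] for f in audit.forms
            if f["method"] in protected_methods and not f["has_token"]]


# Constructed sample page: one POST form with a token, one without, one GET form.
SAMPLE = """
<form action="/login" method="post">
  <input type="hidden" name="OWASP_CSRFTOKEN" value="CONSTRUCTED-TOKEN-VALUE">
</form>
<form action="/profile/update" method="post"><input name="email"></form>
<form action="/search" method="get"><input name="q"></form>
"""
```

Pass the same method list as org.owasp.csrfguard.ProtectedMethods in `protected_methods`, and feed it the DOM as the browser ends up with it (after scripts have run), since that is what gets submitted.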