CSRF vulnerability, again #55
Comments

Is there a reason why you haven't used the builtin protection offered by Grails, btw? That's not affected by this bug.

My bad. Will be fixed in the next version.

Ok, thank you.

Indeed, I added a small comment. I see that you added a fix, but you haven't closed this issue yet... I gather that there's more that you want to fix?

I was just waiting until I had time to release. Thanks for reporting the issue.
I'm afraid that the issue hasn't been fixed properly. I realized it today after deploying your new release.

You can try: log in to the main app website (or simply visit it in a bare-bones new Grails application), but DON'T visit the console. Trigger the PoC I sent you the last time, and you'll see that it still works. After accessing the console the protection will be effective and the PoC will stop working.

I suspect that the reason might be the `request.getHeader('X-CSRFToken') != session['CONSOLE_CSRF_TOKEN']` check. If the console hasn't been visited yet, there will be no `CONSOLE_CSRF_TOKEN` in the session, and thus both sides of the comparison will be `null`, letting the check pass.
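To make the null-equals-null failure described in the report concrete, here is an added example, written for this page and not taken from the plugin or from either participant. It reproduces the reported check against a constructed fake request and session, then shows a hardened variant that refuses requests when no token has been issued yet and compares tokens in constant time. `FakeRequest`, `flawedCheck`, `hardenedCheck` and `issueToken` are hypothetical names chosen for this illustration; the plugin's real classes and the way it issues the token may differ.

```groovy
import java.security.MessageDigest
import java.security.SecureRandom
import java.nio.charset.StandardCharsets

// Hypothetical stand-in for the servlet request (constructed for this example,
// not the plugin's own class): headers are looked up from a plain map, so a
// missing header yields null exactly as HttpServletRequest.getHeader does.
class FakeRequest {
    Map<String, String> headers = [:]
    String getHeader(String name) { headers[name] }
}

// The check as quoted in the report. With no token in the session both sides
// are null, and in Groovy `null != null` evaluates to false, so the request
// is allowed through.
boolean flawedCheck(FakeRequest request, Map session) {
    if (request.getHeader('X-CSRFToken') != session['CONSOLE_CSRF_TOKEN']) {
        return false   // rejected
    }
    return true        // allowed
}

// Suggested hardening (an assumption of this example, not the project's fix):
// reject when the session has no token or the request carries none, and
// compare the two values in constant time.
boolean hardenedCheck(FakeRequest request, Map session) {
    String expected = session['CONSOLE_CSRF_TOKEN']
    String supplied = request.getHeader('X-CSRFToken')
    if (!expected || !supplied) {
        return false   // no token issued for this session, or none supplied
    }
    return MessageDigest.isEqual(
        expected.getBytes(StandardCharsets.UTF_8),
        supplied.getBytes(StandardCharsets.UTF_8))
}

// Token issuance, standing in for whatever visiting the console page does:
// 32 bytes from SecureRandom, hex-encoded, stored under the session key
// named in the report.
String issueToken(Map session) {
    byte[] raw = new byte[32]
    new SecureRandom().nextBytes(raw)
    String token = raw.encodeHex().toString()
    session['CONSOLE_CSRF_TOKEN'] = token
    return token
}

// Scenario 1: fresh session (console never visited), forged request with no header.
Map session = [:]
FakeRequest forged = new FakeRequest()
assert flawedCheck(forged, session) == true      // the reported bug: null == null passes
assert hardenedCheck(forged, session) == false   // hardened: rejected

// Scenario 2: the console has been visited, so a token exists; the forged
// request still lacks the header and is now rejected by both versions.
String token = issueToken(session)
assert flawedCheck(forged, session) == false
assert hardenedCheck(forged, session) == false

// Scenario 3: a legitimate request carrying the issued token passes both.
FakeRequest legit = new FakeRequest(headers: ['X-CSRFToken': token])
assert flawedCheck(legit, session) == true
assert hardenedCheck(legit, session) == true

println 'all scenarios behaved as expected'
```

Run it with `groovy` as a script; scenario 1 is the condition the report describes (protection only becomes effective once the console has been visited), and the hardened check closes it by treating an absent session token as a hard failure rather than as something to compare against.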