You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The correct way to avoid this issue is sending the CSRF token along with the request. Since this is a JSP page and the request is done through a form submit, in the JSP page following should be added.
On top of the page, following taglib should be added which references the OWASP CSRF Guard.
<%@ taglib uri="http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld" prefix="csrf" %>
Then in the HTML form, following parameter should be added in the action.
Upload Jaggery application fail in carbon management console with CSRF protection. This issue is reproducible with the WSO2 EMM 2.2.0 pack.
Steps to reproduce.
Start the EMM 2.2.0
Log into carbon management console
Add jaggery app
Hit upload
You can see the following error message
[2017-03-16 11:16:49,282] WARN {org.owasp.csrfguard.log.JavaLogger} - potential cross-site request forgery (CSRF) attack thwarted (user:, ip:127.0.0.1, method:POST, uri:/fileupload/jaggeryapp, error:required token is missing from the request)
Regards,
Vishanth
Moved from https://wso2.org/jira/projects/JAGGERY/issues/JAGGERY-430
The text was updated successfully, but these errors were encountered: