
    • Sub-task
    • Resolution: Won't Do
    • L3 - Default
    • 2.5.0-alpha1, 2.5.0
    • None
    • frontend
    • None

      AT:

      • when the user is logged in, the front-end stores the CSRF token (e.g. in local storage)
      • with every additional request, the CSRF token is sent in the request header
      • there is a notification shown to the user if a request was not successful due to the CSRF token validation

      Context:
      For the context of the attack, see the parent ticket. The back-end creates a CSRF token when a login request is performed. The token is then needed for each further request in order to successfully perform it.
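
      A sketch of the three acceptance criteria above as a front-end request wrapper. This is an added example, not code from this project. The header name `X-CSRF-Token`, the storage key, the 403 response with an `error` code, and the injected `fetchImpl`, `storage`, `notify` and `origin` parameters are all assumptions.

```javascript
// Added example. Assumed names (not from the ticket): header, storage key, 403 + error code.
const CSRF_HEADER = "X-CSRF-Token";
const STORAGE_KEY = "csrfToken";

function createCsrfClient({ fetchImpl, storage, notify, origin }) {
  // Store the token the back-end issued with the login response.
  function saveTokenFromLogin(response) {
    const token = response.headers.get(CSRF_HEADER);
    if (token) storage.setItem(STORAGE_KEY, token);
    return token;
  }

  // Attach the token to same-origin requests only, so it never leaks to other hosts.
  function withToken(url, init = {}) {
    const headers = { ...(init.headers || {}) };
    const token = storage.getItem(STORAGE_KEY);
    if (token && new URL(url, origin).origin === origin) headers[CSRF_HEADER] = token;
    return { ...init, headers };
  }

  // Assumed failure signal: HTTP 403 with {"error": "csrf_validation_failed"}.
  function isCsrfFailure(status, body) {
    return status === 403 && !!body && body.error === "csrf_validation_failed";
  }

  async function request(url, init) {
    const response = await fetchImpl(url, withToken(url, init));
    if (response.status === 403) {
      const body = await response.clone().json().catch(() => null);
      if (isCsrfFailure(response.status, body)) {
        storage.removeItem(STORAGE_KEY); // stale token: force a fresh login
        notify("Request rejected: CSRF token validation failed. Please log in again.");
      }
    }
    return response;
  }

  return { saveTokenFromLogin, withToken, isCsrfFailure, request };
}

// Constructed in-memory stand-in for window.localStorage so the example runs offline.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => void data.set(k, String(v)),
    removeItem: (k) => void data.delete(k),
  };
}
```

      In a browser, pass `window.localStorage`, `window.fetch.bind(window)` and `window.location.origin`. Anything kept in local storage is readable by every script running on the origin, so the token is only as safe as the page's XSS defences.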


              Unassigned
              johannes.heinemann Johannes