Details

    • Sub-task
    • Resolution: Won't Do
    • L3 - Default
    • 2.5.0-alpha1, 2.5.0
    • None
    • frontend
    • None

    Description

      AT:

      • when the user is logged in, the front-end stores the CSRF token (e.g. in local storage)
      • with every additional request, the CSRF token is sent in the request header
      • there is a notification shown to the user if a request was not successful due to the CSRF token validation

      Context:
      For the context of the attack, see the parent ticket. The back-end creates a CSRF token when a login request is performed. The token is then needed for each further request in order to successfully perform it.
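
An added example, not part of the ticket or the project's code: a minimal front-end wrapper covering the three acceptance criteria above. The header names, storage key, the 403 failure marker and the helpers `createCsrfClient` and `memoryStorage` are assumptions, and the same-origin restriction on sending the token goes beyond what the ticket states.

```javascript
// Added example. Header names, storage key and failure marker are assumptions;
// the ticket does not specify them.
const CSRF_HEADER = "X-CSRF-Token";           // assumed request/response header
const CSRF_FAILURE_HEADER = "X-CSRF-Failure"; // hypothetical marker set by the back-end
const STORAGE_KEY = "csrfToken";              // assumed storage key

function createCsrfClient({ origin, storage, fetchImpl, notify }) {
  // AT 1: keep the token the back-end created for the login request.
  function storeTokenFromLogin(loginResponse) {
    const token = loginResponse.headers.get(CSRF_HEADER);
    if (!token) throw new Error("login response carried no CSRF token");
    storage.setItem(STORAGE_KEY, token);
  }

  // AT 2: add the token header, but only for requests to our own origin,
  // so the token is never sent to a third-party host.
  function headersFor(url, headers = {}) {
    const token = storage.getItem(STORAGE_KEY);
    const sameOrigin = new URL(url, origin).origin === origin;
    return token && sameOrigin ? { ...headers, [CSRF_HEADER]: token } : { ...headers };
  }

  // AT 3: recognise a rejection caused by CSRF validation (assumed: 403 + marker).
  function isCsrfRejection(response) {
    return response.status === 403 && response.headers.get(CSRF_FAILURE_HEADER) === "1";
  }

  async function request(url, options = {}) {
    const headers = headersFor(url, options.headers);
    const response = await fetchImpl(url, { ...options, headers });
    if (isCsrfRejection(response)) {
      storage.removeItem(STORAGE_KEY); // stale token: require a fresh login
      notify("Request rejected: session token invalid. Please log in again.");
    }
    return response;
  }

  return { storeTokenFromLogin, headersFor, isCsrfRejection, request };
}

// Constructed in-memory stand-in for window.localStorage, for running outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

In a browser, pass `window.location.origin`, `window.localStorage` and `window.fetch.bind(window)`; a token kept in local storage is readable by any script running on the origin, so this pattern relies on the page being free of script injection.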

      mgm-controller-panel

        This is the controller panel for Smart Panels app

            People

              Unassigned Unassigned
              johannes.heinemann Johannes