Details

    • Sub-task
    • Status: Done
    • L3 - Default
    • Resolution: Won't Do
    • None
    • 2.5.0, 2.5.0-alpha1
    • frontend
    • None

    Description

      AT:

      • when the user is logged in, the front-end stores the CSRF token (e.g. in local storage)
      • with every additional request, the CSRF token is send in the request header
      • there is a notification shown to the user if a request was not successful due to the CSRF token validation

      Context:
      For the context of the attack, see the parent ticket. The back-end creates a CSRF token when a login request is peformed. The token is then needed for each further request in order to successfully perform it.

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Activity

            People

              Unassigned Unassigned
              johannes.heinemann Johannes Heinemann
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Salesforce