
    • Type: Sub-task
    • Resolution: Won't Do
    • Priority: L3 - Default
    • 2.5.0-alpha1, 2.5.0
    • Affects Version/s: None
    • Component/s: frontend
    • None

      AT:

      • when the user is logged in, the front-end stores the CSRF token (e.g. in local storage)
      • with every additional request, the CSRF token is sent in the request header
      • there is a notification shown to the user if a request was not successful due to the CSRF token validation

      Context:
      For the context of the attack, see the parent ticket. The back-end creates a CSRF token when a login request is performed. The token is then needed for each further request in order to successfully perform it.
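
      The three acceptance criteria as a fetch wrapper; this is an added example, not code from this ticket or the project. The header name, storage key, login path and the 403 plus `reason: "csrf"` rejection format are assumptions, as are the injected `fetchImpl`, `storage`, `notify` and `origin` parameters.

```javascript
// Added example. Assumed: header name, storage key, login path, rejection format.
const CSRF_HEADER = 'X-CSRF-Token';
const STORAGE_KEY = 'csrfToken';

function createApiClient({ fetchImpl, storage, notify, origin }) {
  // AT 1: keep the token the back-end issues with the login response.
  async function login(credentials) {
    const res = await fetchImpl('/api/login', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(credentials),
    });
    const token = res.ok ? res.headers.get(CSRF_HEADER) : null;
    if (!token) throw new Error('login failed or returned no CSRF token');
    // Any script running in this origin can read web storage, so the
    // token is only as safe as the page is free of XSS.
    storage.setItem(STORAGE_KEY, token);
  }

  // AT 2 and 3: send the token with each request, notify on rejection.
  async function request(url, options = {}) {
    const headers = { ...(options.headers || {}) };
    const token = storage.getItem(STORAGE_KEY);
    // Same-origin only, so the token never reaches a third-party host.
    if (token && new URL(url, origin).origin === origin) {
      headers[CSRF_HEADER] = token;
    }
    const res = await fetchImpl(url, { ...options, headers });
    if (res.status === 403) {
      // clone() leaves the body readable for the caller.
      const body = await res.clone().json().catch(() => ({}));
      if (body.reason === 'csrf') {
        storage.removeItem(STORAGE_KEY); // stale token: force a fresh login
        notify('Request rejected: CSRF token missing or invalid. Please log in again.');
      }
    }
    return res;
  }
  return { login, request };
}

// Constructed in-memory stand-in for window.localStorage (runs offline).
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}
```

      In a browser, pass `fetchImpl: window.fetch.bind(window)`, `storage: window.localStorage` and `origin: window.location.origin`.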


              Assignee:
              Unassigned
              Reporter:
              Johannes