Details

    • Type: Sub-task
    • Status: Done
    • Priority: L3 - Default
    • Resolution: Won't Do
    • Affects Version/s: None
    • Fix Version/s: 2.5.0, 2.5.0-alpha1
    • Component/s: frontend
    • Labels:
      None

      Description

      AT:

      • when the user is logged in, the front-end stores the CSRF token (e.g. in local storage)
      • with every additional request, the CSRF token is sent in the request header
      • there is a notification shown to the user if a request was not successful due to the CSRF token validation

      Context:
      For the context of the attack, see the parent ticket. The back-end creates a CSRF token when a login request is performed. Each further request must then carry the token in order to succeed.
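
The three acceptance criteria above, sketched as an added example that is not the project's own code. The header name, storage key, 403 status, delivery of the token in a login response header and all helper names are assumptions, since the ticket does not specify them.

```javascript
// Added example; every name and constant below is an assumption, not from the ticket.
const CSRF_HEADER = "X-CSRF-Token"; // assumed request/response header name
const STORAGE_KEY = "csrfToken";    // assumed local-storage key
const CSRF_REJECTED = 403;          // assumed status for a failed token check

// In-memory stand-in for window.localStorage so the example also runs in Node.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => void data.set(k, String(v)),
  };
}

// Criterion 1: keep the token the back-end issued with the login response.
// Note: local storage is readable by any script running on the origin.
function storeTokenFromLogin(storage, loginHeaders) {
  const token = loginHeaders[CSRF_HEADER.toLowerCase()];
  if (!token) throw new Error("login response carried no CSRF token");
  storage.setItem(STORAGE_KEY, token);
  return token;
}

// Criterion 2: add the token header to every further request, but only when
// the target is our own origin, so the token is never sent to another site.
function buildRequest(storage, url, init, appOrigin) {
  const target = new URL(url, appOrigin);
  const headers = { ...((init && init.headers) || {}) };
  const token = storage.getItem(STORAGE_KEY);
  if (token && target.origin === appOrigin) headers[CSRF_HEADER] = token;
  return { url: target.href, init: { ...init, headers } };
}

// Criterion 3: tell the user when the back-end rejected the token.
function handleResponse(response, notify) {
  if (response.status !== CSRF_REJECTED) return true;
  notify("Request rejected: CSRF token validation failed. Please log in again.");
  return false;
}

// Constructed walk-through with sample values.
const storage = memoryStorage();
storeTokenFromLogin(storage, { "x-csrf-token": "sample-token-1" });
const req = buildRequest(storage, "/api/items", { method: "POST" }, "https://app.example");
console.log(req.url, req.init.headers);
handleResponse({ status: 403 }, (msg) => console.log("notify:", msg));
```

In a browser, pass `window.localStorage` as `storage` and `window.location.origin` as `appOrigin`.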

            People

            Assignee:
            Unassigned
            Reporter:
            johannes.heinemann Johannes Heinemann