Hi,

Joget has introduced this CSRF token as a countermeasure against attacks from JavaScript or the browser, which is a very good feature indeed.
But is there a way to disable this feature, as we are using multipart requests to send data from third parties like mobile etc. to Joget forms? After this CSRF token in V5 we are unable to use V5 for our purposes anymore.

    1 answer

    1.  

      Hi,

      You can get the CSRF token name and value using the following method then post it together with other data.

      The SecurityUtil.getCsrfTokenName and SecurityUtil.getCsrfTokenValue methods allow you to retrieve the token. You can implement a secure API to retrieve it and use it in your project.

      If you still want to disable it, you can change the value of "org.owasp.csrfguard.Enabled" to false in the Owasp.CsrfGuard.properties file under "[tomcat directory]/webapps/jw/WEB-INF/classes".

       

        CommentAdd your comment...
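The first option in the answer above, seen from the third-party client's side, as an added example that is not part of the original thread and not Joget code: once a token API has returned the token name and value, the client adds the token as one more field of the multipart body and sends it on the same session. The endpoint URL, cookie and token values are constructed placeholders, and the function names are hypothetical.

```python
import urllib.request
import uuid

def _safe(value):
    # CR, LF or a double quote would let a name escape its part header.
    if any(c in value for c in '\r\n"'):
        raise ValueError("illegal character in multipart header value")
    return value

def build_multipart(fields, files):
    """Encode text fields and files ({name: (filename, bytes)}) as multipart/form-data."""
    boundary = uuid.uuid4().hex
    parts = []
    for name, value in fields.items():
        parts.append(f'--{boundary}\r\nContent-Disposition: form-data; '
                     f'name="{_safe(name)}"\r\n\r\n{value}\r\n'.encode())
    for name, (filename, data) in files.items():
        head = (f'--{boundary}\r\nContent-Disposition: form-data; '
                f'name="{_safe(name)}"; filename="{_safe(filename)}"\r\n'
                'Content-Type: application/octet-stream\r\n\r\n')
        parts.append(head.encode() + data + b'\r\n')
    parts.append(f'--{boundary}--\r\n'.encode())
    return b''.join(parts), f'multipart/form-data; boundary={boundary}'

def build_form_post(url, token, session_cookie, fields, files):
    """Build (not send) the POST; token is the (name, value) pair from the token API."""
    name, value = token
    if not value:
        raise ValueError("no CSRF token: fetch it before posting")
    if name in fields:
        raise ValueError("a form field collides with the CSRF token name")
    body, content_type = build_multipart({**fields, name: value}, files)
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Content-Type", content_type)
    # Assumption: the token is held in the server-side session, so the cookie
    # of the session that issued it has to travel with the request.
    req.add_header("Cookie", session_cookie)
    return req

if __name__ == "__main__":
    # Constructed sample values; the URL is a placeholder, not a real Joget path.
    req = build_form_post("https://joget.example/form-endpoint",
                          ("OWASP_CSRFTOKEN", "CONSTRUCTED-TOKEN"),
                          "JSESSIONID=CONSTRUCTED", {"subject": "hello"},
                          {"attachment": ("note.txt", b"file bytes")})
    print(req.get_method(), req.full_url, len(req.data), "bytes")
```

Passing the built request to `urllib.request.urlopen` sends it; the token API itself should require authentication, since anyone who can read a session's token can submit forms as that session.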