CSRF: Disabled CSRF protection (AbstractHttpConfigurer)

Disabling Spring Security's CSRF protection makes the application vulnerable

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • CSRF
  • OWASP Top 10

CSRF: Disabled CSRF protection (HttpSecurity)

Disabling Spring Security's CSRF protection makes the application vulnerable

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • CSRF
  • OWASP Top 10

Security Misconfiguration: Disabled Security Settings: CookieCsrfTokenRepository#withHttpOnlyFalse

Make sure to set HttpOnly to true to protect against CSRF or remove it

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • CSRF
  • OWASP Top 10

Session management: Avoid CSRF: Use narrow mapping for state-changing methods

A RequestMapping without a specified method will map to any HTTP request

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
  • CSRF