Web Development

Syndicate content 23 

IRIS provides us with anti login CSRF attack mitigation, however this is not the same as a CSRF attack, as login attacks only occur on the login form. There are currently no built-in tools to mitigate CSRF attacks on api calls and other forms, so this is a step in mitigating these attacks.

See the following link from OWASP for the definition of a CSRF attack:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

Last comment 7 August 2019
+ 4   1 2
112

views

+ 4

rating

Hello,

I've got a csp page that has successfully set up a websocket connection to a Cache class. When the websocket object's close function is triggered at the browser I was expecting one of the class' methods to fire at the server. The onclose method is triggered at the browser but nothing at the server. Is a method supposed to fire at the server?

Thanks,

Dan

 

Cache for Windows (x86-64) 2015.1.4 (Build 803_6) Tue May 15 2018 12:08:36 EDT

Last answer 25 July 2019 Last comment 26 July 2019
0   0 2
72

views

0

rating

CSP pages extend %CSP.Page. What about html/css/js/etc that are hosted on the same web application? Is there any way to override how they're processed like with how you can override a CSP page and CSP REST logic?

Thank you!

David

Last answer 16 July 2019 Last comment 15 July 2019
0   1 2
100

views

0

rating