OWASP / www-project-csrfguard

The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens
https://owasp.org/www-project-csrfguard/
BSD 3-Clause "New" or "Revised" License

request through a proxyPass problem #255

Closed stefano-1973 closed 3 months ago

stefano-1973 commented 3 months ago

As explained in pull request #254, the library fails with a web server served by a proxyPass. The user receives this message: "a OWASP CSRFGuard JavaScript was included from within an unauthorized domain". More details are in the pull request.

(Excuse me if the pull request was enough and this ticket is useless.)

forgedhallpass commented 3 months ago

Hello @stefano-1973,

Thank you for pointing this out and for contributing to improving the code. I've left some minor comments in the PR; once those are changed, I'll merge it. With regard to the ticket, this is the expected procedure: ticket first, then an associated PR.