Implement CSRF Protection for HTTP Interface -------------------------------------------- Key: AS7-2383 URL: https://issues.jboss.org/browse/AS7-2383 Project: Application Server 7 Issue Type: Bug Components: Domain Management, Security Reporter: Darran Lofthouse Assignee: Darran Lofthouse Priority: Critical Fix For: 7.1.0.CR1 For the HTTP interface we need some form of cross site request forgery protection to cover scenarios where an administrator has already authenticated against AS so the web browser has cached credentials - we need to prevent malicious requests from the same web browser. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira