]
Darran Lofthouse resolved AS7-2383.
-----------------------------------
Fix Version/s: (was: 7.1.0.CR1)
Resolution: Duplicate Issue
Implement CSRF Protection for HTTP Interface
--------------------------------------------
Key: AS7-2383
URL:
https://issues.jboss.org/browse/AS7-2383
Project: Application Server 7
Issue Type: Bug
Components: Domain Management, Security
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Priority: Critical
For the HTTP interface we need some form of cross site request forgery protection to
cover scenarios where an administrator has already authenticated against AS so the web
browser has cached credentials - we need to prevent malicious requests from the same web
browser.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: