Merged 5.2.N (5.2.1) to HEAD (5.2)

131530 kroast: ACE-4881 - [Pentest 121015] Multiple admin CSRF
      - Fix issue spotted by Michael Suzuki, where the /s endpoint was not configured correctly to generate CSRF tokens


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@132270 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Alan Davis
2016-11-03 13:53:13 +00:00
parent 01156b23b5
commit 507e3f1c04

@@ -69,6 +69,16 @@
<param name="cookie">{token}</param> <param name="cookie">{token}</param>
</action> </action>
</rule> </rule>
<rule>
<request>
<method>GET</method>
<path>/s/enterprise/admin/.*</path>
</request>
<action name="generateToken">
<param name="session">{token}</param>
<param name="cookie">{token}</param>
</action>
</rule>
<!-- <!--
Verify multipart requests contain the token as a parameter Verify multipart requests contain the token as a parameter
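
Review bot: the added rule for `<path>/s/enterprise/admin/.*</path>` only generates a token on GET, and nothing in this hunk shows that the verification rules that follow (starting with the multipart one in the trailing comment) also match the `/s/` prefix. If those rules are keyed on another prefix only, requests sent to `/s/enterprise/admin/...` would be issued a token that is never checked, so please confirm their `<path>` patterns cover `/s/` as well. The new rule also repeats the `generateToken` action block of the rule just above it. Consider a single path pattern that covers both prefixes, or at least an XML comment above this rule explaining why the `/s` endpoint needs its own entry, so the two cannot drift apart again.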