Do not generate page tokens for pages that are not protected

Question

Do not generate page tokens for pages that are not protected

forgedhallpass opened this issue 4 years ago · comments

Also do not try to inject into forms with GET HTTP method (inject-get-forms) if GET is configured to be an un-protected method by configuration (org.owasp.csrfguard.UnprotectedMethods)

forgedhallpass · Answer 1 · Wed Sep 15 2021 18:34:20 GMT+0800 (China Standard Time)

Fixed by OWASP/www-project-csrfguard@84fb53d