Do not generate page tokens for pages that are not protected
forgedhallpass opened this issue · comments
forgedhallpass commented
Also do not try to inject into forms with GET HTTP method (inject-get-forms) if GET is configured to be an un-protected method by configuration (org.owasp.csrfguard.UnprotectedMethods)
forgedhallpass commented
Fixed by OWASP/www-project-csrfguard@84fb53d