Add CSRF Token Validation for Security · streamaserver/streama#1087

(0 留言) (2 反應) (0 負責人)JavaScript (9,565 star) (977 fork)batch import

BugHelp wanted

描述

See https://portswigger.net/web-security/csrf/tokens - Currently streama is lacking this type of validation and has potential for security risks due to it.

技術棧: javaspringgroovy
領域: backendsecurity
議題類型: feature
難度: 3
預計時間: half day
活動狀態: stale
清晰度: clear
前置要求: Basic Java/Spring SecurityUnderstanding of CSRF attacks
新手友善度: 40
研究方向: Review the provided Baeldung guide on Spring Security CSRF and adapt it to the Grails framework used by streama. Examine the application's existing security configuration (likely in Grails security plugins or Spring Security XML/Java config) and identify where to enable CSRF protection. Also, check the Grails documentation for CSRF support (e.g., grails.plugin.springsecurity).