Subject: [OASIS Issue Tracker] (ODATA-262) Specify how OData services can be protected against cross-site request forgery (CSRF or XSRF)
[ https://issues.oasis-open.org/browse/ODATA-262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ralf Handl updated ODATA-262:
-----------------------------

    Fix Version/s: CN01 (was: V4.0_WD01)

> Specify how OData services can be protected against cross-site request forgery (CSRF or XSRF)
> ---------------------------------------------------------------------------------------------
>
> Key: ODATA-262
> URL: https://issues.oasis-open.org/browse/ODATA-262
> Project: OASIS Open Data Protocol (OData) TC
> Issue Type: New Feature
> Components: Securing OData
> Affects Versions: V4.0_WD01
> Environment: [Proposed]
> Reporter: Ralf Handl
> Assignee: Ralf Handl
> Fix For: CN01
>
>
> A good CSRF protection pattern is that the server issues a CSRF token that is communicated to the in a special header in responses to GET requests.
> This CSRF token must be included in a special header in subsequent modifying requests.
> To guarantee interoperability between different OData implementations the choreography, header names, and header formats must be standardized.

--
This message was sent by Atlassian JIRA (v6.2.2#6258)
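
The token choreography described in the issue, sketched as an added example that is not part of the original message or of any OData specification. The header name `X-CSRF-Token`, the `CsrfGuard` class, the per-session token store and the status codes are assumptions, since the issue leaves header names and formats to be standardized.

```python
import hmac
import secrets

# Assumed header name; the issue leaves names and formats to be standardized.
TOKEN_HEADER = "X-CSRF-Token"
MODIFYING = {"POST", "PUT", "PATCH", "DELETE"}


class CsrfGuard:
    """Issue a per-session token on GET, require it on modifying requests."""

    def __init__(self):
        self._tokens = {}  # session id -> token issued to that session

    def handle(self, method, session_id, headers):
        """Return (status, response_headers) for one request (hypothetical API)."""
        method = method.upper()
        # HTTP header names are case-insensitive.
        sent = {k.lower(): v for k, v in headers.items()}.get(TOKEN_HEADER.lower())

        if method == "GET":
            # Hand the session its token in a response header. A page on
            # another origin cannot read it unless CORS exposes the header.
            if session_id not in self._tokens:
                self._tokens[session_id] = secrets.token_urlsafe(32)
            return 200, {TOKEN_HEADER: self._tokens[session_id]}

        if method in MODIFYING:
            expected = self._tokens.get(session_id)
            # Reject when no token was issued, none was sent, or they differ.
            # Compare as bytes in constant time; bytes also avoids a
            # TypeError on non-ASCII input.
            if not expected or not sent or not hmac.compare_digest(
                expected.encode(), sent.encode()
            ):
                return 403, {}
            return 204, {}

        return 200, {}  # HEAD, OPTIONS: nothing to issue or check


def demo():
    """Constructed exchange: fetch a token, then modify with and without it."""
    guard = CsrfGuard()
    _, issued = guard.handle("GET", "session-A", {})
    token = issued[TOKEN_HEADER]
    return [
        guard.handle("POST", "session-A", {})[0],  # no token header
        guard.handle("POST", "session-A", {"x-csrf-token": token})[0],
        guard.handle("DELETE", "session-B", {TOKEN_HEADER: token})[0],
    ]
```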