OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

odata message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: [OASIS Issue Tracker] Created: (ODATA-262) Specify how OData services can be protected against cross-site request forgery (CSRF or XSRF)


Specify how OData services can be protected against cross-site request forgery (CSRF or XSRF)
---------------------------------------------------------------------------------------------

                 Key: ODATA-262
                 URL: http://tools.oasis-open.org/issues/browse/ODATA-262
             Project: OASIS Open Data Protocol (OData) TC
          Issue Type: New Feature
          Components: OData Protocol v1.0
    Affects Versions: WD01
         Environment: [Proposed]
            Reporter: Ralf Handl
             Fix For: WD01


A good CSRF protection pattern is that the server issues a CSRF token that is communicated to the in a special header in responses to GET requests.
This CSRF token must be included in a special header in subsequent modifying requests.

To guarantee interoperability between different OData implementations the choreography, header names, and header formats must be standardized.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]