[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Commented: (ODATA-262) Specify how OData services can be protected against cross-site request forgery (CSRF or XSRF)
[ http://tools.oasis-open.org/issues/browse/ODATA-262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=33619#action_33619 ] Ralf Handl commented on ODATA-262: ---------------------------------- The mechanism is e.g. described here: http://help.sap.com/saphelp_gateway20sp05/helpdata/en/e6/cae27d5e8d4996add4067280c8714e/frameset.htm > Specify how OData services can be protected against cross-site request forgery (CSRF or XSRF) > --------------------------------------------------------------------------------------------- > > Key: ODATA-262 > URL: http://tools.oasis-open.org/issues/browse/ODATA-262 > Project: OASIS Open Data Protocol (OData) TC > Issue Type: New Feature > Components: OData Protocol > Affects Versions: V4.0_WD01 > Environment: [Proposed] > Reporter: Ralf Handl > Fix For: V4.0_WD01 > > > A good CSRF protection pattern is that the server issues a CSRF token that is communicated to the in a special header in responses to GET requests. > This CSRF token must be included in a special header in subsequent modifying requests. > To guarantee interoperability between different OData implementations the choreography, header names, and header formats must be standardized. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]