Feature #97305

Updated by Oliver Hader about 2 years ago

see https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#login-csrf 

 Future topics after PS25 (https://review.typo3.org/c/Packages/TYPO3.CMS/+/74183/25) in separate patch: 

 * maybe reuse @Nonce@ cookie? 
 * @AbstractUserAuth@ event handling tokens 
 * Extbase generic handling 
 * @RequestToken->consumed@ property
