From b74ea7baca128a5fc0428c24fd02c56ac66c328d Mon Sep 17 00:00:00 2001
From: Rasika Perera
Date: Mon, 16 Jan 2017 23:36:01 +0530
Subject: [PATCH 1/2] Adding escape urls to csrf gurad
---
 .../conf/security/Owasp.CsrfGuard.Carbon.properties | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties b/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
index 1dc9d20e..bf300027 100644
--- a/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
+++ b/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
@@ -462,11 +462,14 @@ org.owasp.csrfguard.unprotected.storeRestApi=%servletContext%/api/appm/store/*
 org.owasp.csrfguard.unprotected.certificateMgtRestApi=%servletContext%/api/certificate-mgt/*
 org.owasp.csrfguard.unprotected.deviceMgtRestApi=%servletContext%/api/device-mgt/*
 org.owasp.csrfguard.unprotected.dcrRestApi=%servletContext%/dynamic-client-web/*
-
+org.owasp.csrfguard.unprotected.deviceMgtSSOAcs=%servletContext%/devicemgt/uuf/sso/acs
+org.owasp.csrfguard.unprotected.deviceMgtAcs=%servletContext%/uuf/sso/acs
+org.owasp.csrfguard.unprotected.deviceMgtApi=%servletContext%/devicemgt/api/invoker/execute/*
+
 #carbon
 org.owasp.csrfguard.unprotected.Services=%servletContext%/services/*
 #identity
 org.owasp.csrfguard.unprotected.acs=%servletContext%/acs/*
 org.owasp.csrfguard.unprotected.iwa=%servletContext%/iwa/*
-org.owasp.csrfguard.unprotected.oauthiwa=%servletContext%/commonauth/iwa/*
\ No newline at end of file
+org.owasp.csrfguard.unprotected.oauthiwa=%servletContext%/commonauth/iwa/*
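Review bot: The new `deviceMgtApi` entry exempts everything under `%servletContext%/devicemgt/api/invoker/execute/*` from CSRFGuard, and nothing in the patch says what protects that path instead. The two `sso/acs` entries above it are the usual case of an endpoint that receives a cross-site POST from the identity provider and cannot carry a token, but the invoker path looks like a session-authenticated API proxy (inferred from the name; the handler is not visible here). If it accepts state-changing requests on the session cookie alone, it needs its own Origin/Referer check or a required custom header before this exemption is safe, and the wildcard should be narrowed to the operations that really cannot send a token. Please record the reason beside the entries, e.g. `# SSO ACS: IdP posts cross-site, no CSRF token possible` and `# invoker: CSRF covered by <mechanism - fill in>`. Also confirm that both `/devicemgt/uuf/sso/acs` and `/uuf/sso/acs` are actually served, and drop whichever exemption is unused.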