  1. mod-login-saml
  2. MODLOGSAML-63

Implement CSRF Prevention

    Details

    • Sprint:
      CP: sprint 91, CP: sprint 92, CP: sprint 113, CP: sprint 114
    • Story Points:
      5
    • Development Team:
      Core: Platform

      Description

      Overview

      This is a follow-up to the investigation done for MODLOGSAML-59 / MODLOGSAML-58 and covers implementation of the design outlined on the wiki.

      Acceptance Criteria

      • CORS handling is done by the module
        • tenant-specific origin whitelist
        • Access-Control-Allow-Origin is set to the origin, not *
        • Access-Control-Allow-Credentials is set to true for /saml/login
      • CSRF prevention is implemented via RelayState and an associated cookie
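
The acceptance criteria above, sketched as an added example; this is not mod-login-saml's code and does not reproduce the wiki design. The tenant ids, origins, cookie name, cookie attributes and function names are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed per-tenant allowlist; tenant ids and origins are placeholders.
ALLOWED_ORIGINS = {
    "tenant_a": {"https://a.example.edu"},
    "tenant_b": {"https://b.example.org"},
}
CSRF_COOKIE = "csrfToken"  # assumed cookie name, not taken from the module


def cors_headers(tenant, origin, path):
    """CORS response headers for one request; empty dict if origin not allowed."""
    if not origin or origin not in ALLOWED_ORIGINS.get(tenant, set()):
        return {}  # no CORS headers, so the browser refuses the cross-origin read
    # Echo the exact allowed origin: "*" cannot be combined with credentials.
    headers = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if path == "/saml/login":
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def start_login():
    """Return (relay_state, set_cookie) carrying the same random token."""
    token = secrets.token_urlsafe(32)
    # SameSite=None; Secure so the cookie accompanies the IdP's cross-site POST
    # back to the callback (assumes the HTTP-POST binding).
    set_cookie = f"{CSRF_COOKIE}={token}; Path=/; Secure; HttpOnly; SameSite=None"
    return token, set_cookie


def verify_callback(relay_state, cookies):
    """Accept the SAML callback only if RelayState matches the cookie token."""
    expected = cookies.get(CSRF_COOKIE)
    if not expected or not relay_state:
        return False
    return hmac.compare_digest(relay_state.encode(), expected.encode())
```

A callback that arrives without the cookie, or with a RelayState the browser never received from `start_login`, is rejected before the assertion is processed.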

                People

                Assignee:
                hji Hongwei Ji
                Reporter:
                cmcnally Craig McNally