Hi devs,
I've been working on a CSRF protection mechanism for quite some time.
It is based on so-called secret tokens (also called nonces) that are
included in forms and links and checked on the server side. The
implementation allows resubmitting a failed request (e.g. in case the
user has been logged out in the meantime), so that the data is not lost
in case of bugs.
JIRA issue:
http://jira.xwiki.org/jira/browse/XWIKI-4873
Component implementation:
http://svn.xwiki.org/svnroot/xwiki/contrib/sandbox/xwiki-csrftoken/
Old proposal:
http://lists.xwiki.org/pipermail/devs/2010-March/017727.html
I think it is time to move the CSRF component to the main repository and
start using it everywhere. The protection will be disabled by default
until all bugs are fixed.
The steps to do would be:
1. Move CSRF token component to platform
2. Fix all templates to use CSRF tokens
3. Fix all applications to use CSRF tokens
4. Fix all actions to check CSRF tokens
5. Fix all integration tests to work with enabled CSRF protection
I have patches for steps 2-4, but NOT for 5. Many (about 30-40 last time
I counted) integration tests still fail with CSRF protection enabled,
because they (mis)use CSRF to set up tests (edit/create pages).
Here is my +1
WDYT?
Thanks,
Alex
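The mechanism described in the message above (a per-session secret token embedded in forms and links, checked on the server side, with a failed request handed back for resubmission instead of being dropped), as an added illustration that is not part of the original post and not the code of the xwiki-csrftoken component. The parameter name `form_token`, the `CsrfTokenStore` class, the in-memory session-to-token map and the sample URLs are assumptions made for this example:

```python
import hmac
import secrets
from urllib.parse import urlencode, parse_qs, urlsplit

# Hypothetical request parameter name; the real component may use another.
FIELD = "form_token"


class CsrfTokenStore:
    """Per-session secret tokens (synchronizer token pattern).

    The session-to-token map is kept in memory here for illustration; a real
    deployment would keep it in the server-side session.
    """

    def __init__(self):
        self._tokens = {}  # session id -> token

    def token_for(self, session_id):
        """Return the session's token, minting a fresh random one if needed."""
        tok = self._tokens.get(session_id)
        if tok is None:
            tok = secrets.token_urlsafe(32)
            self._tokens[session_id] = tok
        return tok

    def is_valid(self, session_id, presented):
        """Constant-time comparison so the check does not leak via timing."""
        expected = self._tokens.get(session_id)
        if expected is None or presented is None:
            return False
        return hmac.compare_digest(expected.encode(), presented.encode())

    def invalidate(self, session_id):
        """Called on logout: old tokens must not survive a new login."""
        self._tokens.pop(session_id, None)


def hidden_field(store, session_id):
    """Token as a hidden field to be placed inside a form."""
    return f'<input type="hidden" name="{FIELD}" value="{store.token_for(session_id)}">'


def protected_link(store, session_id, base_url, params):
    """Token appended to a state-changing link (e.g. a delete action)."""
    query = dict(params)
    query[FIELD] = store.token_for(session_id)
    return base_url + "?" + urlencode(query)


def token_from_link(link):
    """Extract the token back out of a link built by protected_link."""
    query = parse_qs(urlsplit(link).query)
    return query.get(FIELD, [None])[0]


def handle_request(store, session_id, params):
    """Server-side check for an action that changes state.

    Returns ("ok", data) when the token matches. Otherwise returns
    ("resubmit", data_with_fresh_token): the action is NOT performed, but the
    submitted data is handed back together with a current token so the user
    can confirm and resubmit without losing what they typed.
    """
    presented = params.get(FIELD)
    data = {k: v for k, v in params.items() if k != FIELD}
    if store.is_valid(session_id, presented):
        return ("ok", data)
    # Token missing or stale (session expired, user logged in again, or a
    # forged cross-site request): refuse the change, offer resubmission.
    resubmit = dict(data)
    resubmit[FIELD] = store.token_for(session_id)
    return ("resubmit", resubmit)
```

The `resubmit` branch is what keeps user data from being lost when the token check fails for benign reasons such as a logout; a forged cross-site request reaches the same branch, but since the attacker never sees the page that carries the fresh token, the change is never applied without the user's own confirmation.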