projects / tomcat7.0 / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 89d0a8e) | patch
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49476
authormarkt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Thu, 24 Jun 2010 09:57:02 +0000 (09:57 +0000)
committermarkt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Thu, 24 Jun 2010 09:57:02 +0000 (09:57 +0000)
commitd97571cce4a65a2b3141588dea892dcd2e3daf8f
tree88279f7319c41a3f3ecc28936aaa0fbb755b0b2ctree | snapshot
parent89d0a8e844166726dbd2a85f7bdeee7fd7dc7d50commit | diff
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49476
CSRF protection was preventing access to session expiration features
Also:
- Switch Manager app to generic CSRF protection
- Add support for multiple nonces to CSRF filter
- Improve 403 page
- Don't open JSP pages in session expiration in a new window - makes CSRF prevention a real pain

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@957478 13f79535-47bb-0310-9956-ffa450edef68
java/org/apache/catalina/filters/CsrfPreventionFilter.java diff | blob | history
java/org/apache/catalina/manager/HTMLManagerServlet.java diff | blob | history
java/org/apache/catalina/manager/LocalStrings.properties diff | blob | history
webapps/docs/config/filter.xml diff | blob | history
webapps/manager/403.jsp diff | blob | history
webapps/manager/WEB-INF/jsp/sessionDetail.jsp diff | blob | history
webapps/manager/WEB-INF/jsp/sessionsList.jsp diff | blob | history
webapps/manager/WEB-INF/web.xml diff | blob | history
Unnamed repository; edit this file to name it for gitweb.