我想在 tomcat 中禁用 CSRF 守卫。我不知道如何让返回页面刷新按钮起作用。目前,我只想禁用与 csrf 相关的所有内容。为此,有一个文件Owasp.CsrfGuard.Properties文件。有以下属性:
org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
org.owasp.csrfguard.TokenLength=32
org.owasp.csrfguard.PRNG=SHA1PRNG
org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.ConsoleLogger
org.owasp.csrfguard.NewTokenLandingPage=PYEntry.jsp
org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
org.owasp.csrfguard.action.Log.Message=potential cross-site request forgery (CSRF) attack thwarted (user:%user%, ip:%remote_ip%, uri:%request_uri%, error:%exception_message%)
org.owasp.csrfguard.unprotected.QualificationPage=/pondicheryJan30/qualification.do
org.owasp.csrfguard.unprotected.PersonalPage=/pondicheryJan30/personal.do
org.owasp.csrfguard.unprotected.DownloadResume=/pondicheryJan30/DownloadResumeAction.do
org.owasp.csrfguard.unprotected.allotUpdatePage=/pondicheryJan30/allotUpdate.do
org.owasp.csrfguard.unprotected.PersonalEditPage=/pondicheryJan30/personalEdit.do
org.owasp.csrfguard.action.Redirect=org.owasp.csrfguard.action.Redirect
org.owasp.csrfguard.action.Redirect.Page=globalerror.jsp