This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git

The following commit(s) were added to refs/heads/master by this push:
new e264d18 Improved: Update for csrf-token
e264d18 is described below
commit e264d18c854fc1096b775d9129c77dc3ef35e967
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Wed Jul 8 10:30:48 2020 +0200
Improved: Update for csrf-token
---
dtds/site-conf.xsd | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/dtds/site-conf.xsd b/dtds/site-conf.xsd
index 01d0046..44d98a5 100644
--- a/dtds/site-conf.xsd
+++ b/dtds/site-conf.xsd
@@ -309,6 +309,14 @@ under the License.
<xs:annotation>
<xs:documentation>
If true csrf token is expected. If false no csrf token check. Default to "".
+
+ When csrf-token is empty or not set, the behaviour should be determined by
+ CsrfDefenseStrategy class (or another implementation of ICsrfDefenseStrategy).
+
+ When csrf-token is explicitly set to either true or false,
+ CsrfDefenseStrategy class (or another implementation of ICsrfDefenseStrategy)
+ should follow the setting.
+ So if true, csrf token is expected. If false, no csrf token check.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
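Review bot: The last added line, "So if true, csrf token is expected. If false, no csrf token check.", repeats the unchanged first sentence of this xs:documentation block almost word for word, so the annotation now states the true/false rule twice; keep one of them, ideally by folding the original sentence into the new paragraphs. The wording "should follow the setting" also leaves open whether an explicit true is binding on another implementation of ICsrfDefenseStrategy or only a recommendation; if the explicit value is meant to be authoritative, say "must" so implementers cannot read it as optional and skip the token check. For the empty or unset case the text defers to CsrfDefenseStrategy without saying what that class decides, so a reader of the schema cannot tell whether an entry that leaves csrf-token unset ends up checked or unchecked; a one-line summary of the default outcome, or a pointer to where it is documented, would close that gap.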