Experts,
I was trying to get CSRFGuard3 working for my Java application. The
documentation didn't seem to help me here as I couldn't find any valid way to specify the unprotected pages for my app.
I have two small queries:
1) Is there a specific meaning of MYTAG in org.owasp.csrfguard.unprotected.<MYTAG>=/xyz/ ? I mean, does csrfguard look for these tags in a specified set of tags and may not function correctly if I give a random tag here like "MYTAG" in this example?
2) My webapp structure looks like this:
/admin/util/ - There are multiple .jsp, .js and .ico
/admin/util/charts/ - Again there are multiple .jsp, .js and .ico
I want /admin/util/*.js and /admin/util/*.ico need to be unprotected. Is there a way to specify this withing one unprotected tag? If yes, how?
Any help would be appreciated.
Thanks.
Neeraj