how is csrf filter work,where is the token #16362
Labels
question
Questions that are neither investigations, bugs, nor enhancements
Comments
antoniovicente
added
question
|
You can find docs on the csrf filter at: I don't see references to 'token' in the docs. |
|
Hi @13567436138 , The Envoy CSRF filter does not use a token pattern but instead uses an origin-based one. You can read more on the possible mitigation patterns and why we chose to rely on the origin as well as implementation details in the description of the original PR #6470 :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If you are reporting any crash or any potential security issue, do not
open an issue in this repo. Please report the issue via emailing
envoy-security@googlegroups.com where the issue will be triaged appropriately.
Title: One line description
Description:
The text was updated successfully, but these errors were encountered: