L-CISIRH-BT-NET
Nov 02, 2018Nimbostratus
CSRF protection blocks the whole website instead of csrf attacks only
Hi everybody Working on a VE 11.5.4 I need to activate the CSRF protection that my application does not provide.
The pb is that once activated, ASM blocks everything instead of a real attack. So the website becomes blocked by ASM. Thus, it looks like every navigation on the website is a false positive.
I also noticed in the response pages that the code inserted looks like put in comment and I wonder if it's supposed to be commented or if there's a bug out there :
Does anyone get a hint ?