The current org.owasp.csrfguard.TokenName contains underscores, which causes issues with Amazon Load Balancer as it does not support that character. Additionally, it is uncommon to have an underscore in HTTP headers based on the RFC 9110 documentation.
We believe that the org.owasp.csrfguard.TokenLength of 32 characters is insecure and should be increased to at least 128 characters.
While instructions on how to modify these properties have been provided, it would be better if these configurations were set as out-of-the-box (OOTB) defaults.
Components | JasperReports Server |