Jasper Ideas

Change org.owasp.csrfguard.TokenName to not use an underscore by default, and change org.owasp.csrfguard.TokenLength to a minimum of 128.

The current org.owasp.csrfguard.TokenName contains underscores, which causes issues with Amazon Load Balancer, as it does not support that character. Additionally, it is uncommon to have an underscore in HTTP header names, based on the RFC 9110 documentation.

We believe that the org.owasp.csrfguard.TokenLength of 32 characters is insecure and should be increased to at least 128 characters.

While instructions on how to modify these properties have been provided, it would be better if these configurations were set as out-of-the-box (OOTB) defaults.
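As an added example (not code from JasperReports Server or OWASP CSRFGuard), the following script lints a CSRFGuard properties file against the two settings this idea proposes: a TokenName without underscores and a TokenLength of at least 128. The two property keys are the real CSRFGuard keys named above; the sample file contents, the `parse_properties` helper and the finding messages are constructed for this illustration.

```python
"""Lint a CSRFGuard properties file for the two settings discussed above.

Added example, not JasperReports Server or OWASP CSRFGuard code. The keys
org.owasp.csrfguard.TokenName and org.owasp.csrfguard.TokenLength are the
real CSRFGuard property names; the sample file contents are constructed and
the thresholds are the ones the idea asks for.
"""
import re

TOKEN_NAME_KEY = "org.owasp.csrfguard.TokenName"
TOKEN_LENGTH_KEY = "org.owasp.csrfguard.TokenLength"
MIN_TOKEN_LENGTH = 128  # minimum proposed by the idea

# RFC 9110 tchar: the characters allowed in an HTTP field name.
# Underscore is technically allowed, which is why it gets its own policy check below.
TCHAR_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed sample shaped like the default-style configuration the idea objects to.
WEAK_PROPERTIES = """\
# Owasp.CsrfGuard.properties (constructed sample, not the shipped file)
org.owasp.csrfguard.TokenName = OWASP_CSRFTOKEN
org.owasp.csrfguard.TokenLength = 32
"""

# Constructed sample of a configuration that meets the proposed defaults.
HARDENED_PROPERTIES = """\
org.owasp.csrfguard.TokenName = OWASP-CSRFTOKEN
org.owasp.csrfguard.TokenLength = 128
"""


def parse_properties(text):
    """Minimal java.util.Properties reader: '#'/'!' comments, key=value or key:value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"^([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def check_csrfguard_config(text):
    """Return a list of findings; an empty list means both properties meet the policy."""
    props = parse_properties(text)
    findings = []

    name = props.get(TOKEN_NAME_KEY)
    if name is None:
        findings.append(f"{TOKEN_NAME_KEY} is not set")
    else:
        if not TCHAR_RE.fullmatch(name):
            findings.append(f"{TOKEN_NAME_KEY}={name!r} is not a valid HTTP field name (RFC 9110 tchar)")
        if "_" in name:
            findings.append(
                f"{TOKEN_NAME_KEY}={name!r} contains an underscore, which some load balancers "
                "and proxies do not pass through in header names"
            )

    length = props.get(TOKEN_LENGTH_KEY)
    if length is None:
        findings.append(f"{TOKEN_LENGTH_KEY} is not set")
    elif not length.isdigit():
        findings.append(f"{TOKEN_LENGTH_KEY}={length!r} is not an integer")
    elif int(length) < MIN_TOKEN_LENGTH:
        findings.append(f"{TOKEN_LENGTH_KEY}={length} is below the proposed minimum of {MIN_TOKEN_LENGTH}")

    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_PROPERTIES), ("hardened", HARDENED_PROPERTIES)):
        print(f"[{label}]")
        for finding in check_csrfguard_config(text) or ["OK"]:
            print("  -", finding)
```

Pointing `check_csrfguard_config` at the contents of a deployed Owasp.CsrfGuard.properties file gives a quick way to confirm that the overrides described in the existing instructions were actually applied, rather than relying on the shipped defaults.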

  • Wildan Mahad Tahtadi
  • Sep 12 2024
  • To be Reviewed
  • Components: JasperReports Server