aramrami/OWASP-CSRFGuard

Tokens not injected in dynamic content returned from Ajax

bwolin opened this issue · 2 comments

My application posts a form using Ajax successfully. The response, however, contains links that are appended to the DOM. Those links are never processed and they are therefore all failing.

I have validated that the injectAttributes variable is set to true.

`

	var injectForms = true;

	var injectGetForms = true;

	var injectFormAttributes = true;

	var injectAttributes = true;`

Sorry if I am missing something obvious here, but is this a supported feature? I can't find any documentation indicating how to manually post-process content we get using ajax.

Thanks in advance for any clues as to how to get this use case to work.

This is not currently possible with the 3.1.0 release, but I've implemented it in #148.
The #136 pull request contains a lot of changes I've made with the intention of creating 4.0 version of the CSRFGuard. It is currently in a release candidate stage that I am testing in couple of projects. Feel free to give it a try and provide your feedback.

The changes covering this scenario has been merged into the official master repository. You can find the new version under releases

Your feedback is welcome.