Query parameters were passed in request URL

sidharth1917

Registered Developer

Join Date: Feb 2017

Posts: 174
#1

Query parameters were passed in request URL

8 Nov 2017, 23:20

Hi Isomorphic,

Query parameters were passed over SSL and may contain sensitive information.

When any post request is made using RPCManager, some isomorphic parameters are appended to query string automatically by the smartGWT framework as mentioned below.
POST /myproject/project/getdetails?_csrf=abs-err0-4a78-8274-
3803e7ab4388&isc_rpc=1&isc_v=v11.0p_2017-02-11&isc_xhr=1 HTTP/1.1

Is there a way to pass these parameters as post data?

Regards
Sidharth
Tags: None
Isomorphic

Administrator

Join Date: May 2006

Posts: 54650
#2

9 Nov 2017, 14:00

_csrf does not come from the framework - you're adding that in application code, so if you are concerned about it, you should modify your code so that it appear in POST data instead.

The others have no security implications. If you disagree, we will need to see a practical attack against a correctly configured SmartGWT application where these query parameters allow the attack to be carried out.
Comment

Previous template Next

Announcement