CSRF Protection not Working
Implementation of CSRF protection is very simple on the F5 device. Unfortunately, it didn't work for me, and every attempt from my browser "Firefox" to access the authenticated URL "/authenticated/*" is blocked ...
As shown below, here is the JavaScript token added to the page response, but why can't F5 detect this CSRF token?
<script type="text/javascript">
<!--
window["_csrf_"] = "080672e6ab84a0008fd244ab2571f208bfe3204574c6e527769d1127606cff47e44d7efd81a8416297bbec25adbe3c55a10fa3a3ec1061e32adbdd05c697677a31e70c3f284c5b441b92c973e9c7ef6ef767f94488efa7a7f1118c01228fbb42a420ea3f9e8401f18eb2b9c69a16bd35cbf424e7cdd787c2b8178f070c4942f7cfa56107dca8e2d31bbf8aaa476f1472704dc1ba72e035ff6c132d7ad8f384aceea21b0c29b269e1";
//-->
</script>
Questions:
1- Are there any other CSRF tokens that should appear somewhere? As I studied, it should also appear in the URL as a parameter.
2- What are the prerequisites for enabling CSRF?