jQuery CSRF issue on jQuery.get(...)
HPE Fortify Static code analysis flags the below lines as a CSRF issue in all versions of jQuery.
- return jQuery.get( url, undefined, callback, "script" );
- return jQuery.get( url, data, callback, "json" );
Ref: 1 & 2
Fortify issue description:
The HTTP request at jquery-3.2.1.js line 9307 must contain a user-specific secret in order to prevent an attacker from making unauthorized requests.
Are there solutions to mitigate this issue?
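One way to meet the requirement quoted in the Fortify description, shown as an added example that is not part of the original post or of jQuery's own code: attach a per-session token to every same-origin jQuery request through `jQuery.ajaxPrefilter`. The helper name `csrfHeadersFor`, the `X-CSRF-Token` header and the `csrf-token` meta tag are assumptions; the application must render the token into the page and check it server-side.

```javascript
// Added example. csrfHeadersFor, the X-CSRF-Token header and the
// csrf-token meta tag are assumed names, not jQuery APIs.

// Return the extra headers a request to `url` should carry.
// The token goes only to same-origin http(s) requests, so it is never
// disclosed to a third-party host.
function csrfHeadersFor(url, pageUrl, token) {
  if (!token) return {};
  let target, page;
  try {
    target = new URL(url, pageUrl); // resolves relative and //host URLs
    page = new URL(pageUrl);
  } catch (e) {
    return {}; // unparsable URL: send no secret
  }
  // Opaque origins (data:, file:) serialize as "null"; exclude them.
  if (!/^https?:$/.test(target.protocol)) return {};
  return target.origin === page.origin ? { "X-CSRF-Token": token } : {};
}

// Browser wiring: runs only where jQuery and a DOM are present.
if (typeof jQuery !== "undefined" && typeof document !== "undefined") {
  const meta = document.querySelector('meta[name="csrf-token"]');
  const token = meta ? meta.getAttribute("content") : "";
  // The prefilter sees every request, including those made by
  // jQuery.get(), jQuery.getJSON() and jQuery.getScript().
  jQuery.ajaxPrefilter(function (options, originalOptions, jqXHR) {
    const headers = csrfHeadersFor(options.url, window.location.href, token);
    Object.keys(headers).forEach(function (name) {
      jqXHR.setRequestHeader(name, headers[name]);
    });
  });
}
```

The header only carries the secret: the server still has to compare it against the token bound to the user's session and reject requests where it is missing or different.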