Is there a way to add a canary X-RequestDigest to any post operation on SharePoint web services post via SPServices?
To be honest, I have no idea.
SharePoint Web Services are susceptible to Cross-Site Request Forgery attacks if they do not validate a form digest or cannot validate the X-RequestDigest value. Based on the security validation document for SharePoint, one should be able to attach the X-RequestDigest header to a web service call. I have, however, tried adding random values to the X-RequestDigest header and sent requests to SharePoint web services, and there has been no validation.
Can anyone validate that they have seen the same behaviour, or whether there is anything that can be done to prevent CSRF on SharePoint web services?
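Added example, not part of the thread and not SPServices code: one way to send the page's form digest as X-RequestDigest on the POSTs that SPServices issues through jQuery's `$.ajax`, using a jQuery `ajaxPrefilter` restricted to same-origin `/_vti_bin/` URLs so the token never leaves the site. The names `shouldAttachDigest`, `installDigestPrefilter` and the `getDigest` callback are made up here, and reading the digest from the page's hidden `__REQUESTDIGEST` field is an assumption about the hosting page. This only covers the client side; whether a given web service checks the value is decided on the server.

```javascript
// Added example: attach the SharePoint form digest to same-origin POSTs that
// jQuery sends (SPServices issues its SOAP calls through $.ajax).

// Decide whether a request should carry the digest: POST only, same origin
// only (so the token is never sent to another host), web-service path only.
function shouldAttachDigest(url, method, pageOrigin) {
  if (String(method || "GET").toUpperCase() !== "POST") return false;
  let target;
  try {
    target = new URL(url, pageOrigin); // resolves relative URLs against the page
  } catch (e) {
    return false; // unparsable URL: do not attach anything
  }
  return target.origin === pageOrigin &&
         target.pathname.toLowerCase().includes("/_vti_bin/");
}

// Register a jQuery prefilter. getDigest is a caller-supplied function
// (hypothetical name) returning the current digest string, or "" if none.
function installDigestPrefilter($, getDigest, pageOrigin) {
  $.ajaxPrefilter(function (options, originalOptions, jqXHR) {
    if (!shouldAttachDigest(options.url, options.type, pageOrigin)) return;
    const digest = getDigest();
    if (digest) jqXHR.setRequestHeader("X-RequestDigest", digest);
  });
}

// Browser wiring. Assumes jQuery is loaded and the page contains the hidden
// __REQUESTDIGEST field; skipped automatically outside a browser.
if (typeof window !== "undefined" && window.jQuery) {
  installDigestPrefilter(window.jQuery, function () {
    const field = document.getElementById("__REQUESTDIGEST");
    return field ? field.value : "";
  }, window.location.origin);
}
```

Load this after jQuery and before the first SPServices call so the prefilter is registered in time.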
I found a post about it. I'm not sure if you've seen this, but here it is: