CSRF/XSRF prevention in Restlet

I am using Restlet 2.2.0 and CookieAuthentication with an embedded Jetty plugin. In my application, I have 2 sets of pages.
   1) Pages that can be viewed by an unauthenticated user
   2) Pages that can be viewed only by an authenticated user

In both cases, I want to prevent CSRF/XSRF attacks. It seems that by default Restlet applications are vulnerable to CSRF/XSRF unless we do "something" to prevent this. I could not figure out what to do in my application to prevent such attacks. I have read about many solutions on the internet, but none of them discuss it in reference to Restlet applications.

I would appreciate it if someone could guide me on how to protect a Restlet application from CSRF/XSRF attacks.
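One way to add CSRF protection to the setup described in the post, as an added example that is neither the poster's code nor part of Restlet: a double-submit-cookie `Filter` placed in front of the `CookieAuthenticator` in `createInboundRoot()`. The cookie name `XSRF-TOKEN`, the header name `X-XSRF-TOKEN`, the class name `CsrfFilter` and the use of Java 8's `java.util.Base64` are assumptions; the Restlet 2.2 API calls are the real ones.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.Cookie;
import org.restlet.data.CookieSetting;
import org.restlet.data.Status;
import org.restlet.routing.Filter;

/** Hypothetical double-submit-cookie CSRF filter for Restlet 2.2 (not a Restlet class). */
public class CsrfFilter extends Filter {
    static final String COOKIE_NAME = "XSRF-TOKEN";   // assumed name, readable by page script
    static final String HEADER_NAME = "X-XSRF-TOKEN"; // assumed name, sent by same-origin script
    private final SecureRandom random = new SecureRandom();

    public CsrfFilter(Context context) {
        super(context);
    }

    @Override
    protected int beforeHandle(Request request, Response response) {
        Cookie cookie = request.getCookies().getFirst(COOKIE_NAME);
        String token = (cookie == null) ? null : cookie.getValue();

        if (token == null || token.isEmpty()) {
            // No token yet: only safe methods (GET/HEAD/OPTIONS) may proceed; issue a token for later.
            if (!request.getMethod().isSafe()) {
                response.setStatus(Status.CLIENT_ERROR_FORBIDDEN);
                return STOP;
            }
            byte[] buf = new byte[32];
            random.nextBytes(buf);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
            CookieSetting setting = new CookieSetting(COOKIE_NAME, token);
            setting.setPath("/");
            setting.setSecure(true); // not HttpOnly on purpose: the page's script must read it
            response.getCookieSettings().add(setting);
            return CONTINUE;
        }

        if (request.getMethod().isSafe()) {
            return CONTINUE; // safe methods must not change state, so no token check
        }
        // State-changing request: the header copy must match the cookie (constant-time compare).
        String submitted = request.getHeaders().getFirstValue(HEADER_NAME);
        boolean ok = submitted != null && MessageDigest.isEqual(
                token.getBytes(StandardCharsets.UTF_8), submitted.getBytes(StandardCharsets.UTF_8));
        if (!ok) {
            response.setStatus(Status.CLIENT_ERROR_FORBIDDEN);
            return STOP;
        }
        return CONTINUE;
    }
}
```

Chain it with `csrf.setNext(cookieAuthenticator)` so it runs for both the public and the authenticated page sets; the check only holds if the session cookie set by `CookieAuthenticator` stays HttpOnly and no GET handler changes state.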