Issue #8376: FreeIPA - Dogtag enableNonce=false, should be true - freeipa

freeipa

#8376 FreeIPA - Dogtag enableNonce=false, should be true

Opened 3 years ago by cipherboy. Modified 3 years ago

Request for enhancement

As an admin, I want my Dogtag to use nonces for protection against CSRF and Reflected XSS. By disabling enableNonce, the CA will disable all nonce protection. This mostly affects certain CA operations, such as approving a certificate request.

This has been disabled since early commits: https://github.com/freeipa/freeipa/commit/8d164569d0e4ee79089ae224ac6f5a569c291cdb

We should look into enabling this again.

Issue

Nonce should be enabled by default.

Steps to Reproduce

https://github.com/freeipa/freeipa/blob/master/ipaserver/install/cainstance.py#L411
2.
3.

Actual behavior

Nonces Disabled

Expected behavior

Nonces Enabled.

Version/Release/Distribution

current master

Additional info:

None

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

None

design

None

freeipa

Source Code

#8376 FreeIPA - Dogtag enableNonce=false, should be true Opened 3 years ago by cipherboy. Modified 3 years ago

Close issue as:

Request for enhancement

Issue

Steps to Reproduce

Actual behavior

Expected behavior

Version/Release/Distribution

Additional info:

Metadata

#8376 FreeIPA - Dogtag enableNonce=false, should be true

Opened 3 years ago by cipherboy. Modified 3 years ago