-
Saket Patel authoredIssue: - html client has jsp session timeout of 5 mins, so after that it needs to recreate jsp session based on valid authtoken but we had code that sets csrfSupported to false if request type is POST Resolution: - zm-taglib: ZJspSession.java, revert back change which checked request type for setting csrfSupported flag, which was done to fix https://bugzilla.zimbra.com/show_bug.cgi?id=104828 issue, I think we should blindly not consider all POST requests as CSRF vectors - zm-web-client: newBriefCheck.tag & briefcaseListViewToolbar.tag, properly fix https://bugzilla.zimbra.com/show_bug.cgi?id=104828 by checking for valid crumb when trying to upload briefcase attachment
04a31f62