I am trying to protect my web application using OWASP CSRFGuard. Below are the required configuration files
web.xml
<servlet>
<servlet-name>CsrfServlet</servlet-name>
<servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
<init-param>
<param-name>source-file</param-name>
<param-value>WEB-INF/csrfguard.js</param-value>
</init-param>
<init-param>
<param-name>inject-into-forms</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>inject-into-attributes</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>domain-strict</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>referer-pattern</param-name>
<param-value>.*</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>CsrfServlet</servlet-name>
<url-pattern>/csrfguard</url-pattern>
</servlet-mapping>
I have placed the required csrfguard.js and csrfguard.properties in web/WEB-INF/ directory (without any modification). I have also placed the following line in one test jsp page
<script src="/csrfguard"></script>
But whenever the page is loaded the browser gives a 404 error while loading csrfguard.
I am not sure what I am doing wrong here. Some help would be appreciated.
