I've been using GWT-RPC up until this point, but would like to make
the switch to RequestFactory shortly. I'm a bit confused as to how to
prevent CSRF/XSRF with RequestFactory though.
As per http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ,
up to this point I've been sending the session ID within the *payload*
of each RPC. Works great. Should I be doing something similar with
RequestFactory? Any and all suggestions greatly welcome!
Thanks,
Daniel
--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
No comments:
Post a Comment