Tuesday, November 30, 2010

How to prevent CSRF/XSRF when using RequestFactory

Hi guys,

I've been using GWT-RPC up until this point, but would like to make
the switch to RequestFactory shortly. I'm a bit confused as to how to
prevent CSRF/XSRF with RequestFactory though.

As per http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ,
up to this point I've been sending the session ID within the *payload*
of each RPC. Works great. Should I be doing something similar with
RequestFactory? Any and all suggestions greatly welcome!

Thanks,
Daniel

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.

No comments:

Post a Comment