On Friday, July 26, 2013 11:53:18 AM UTC+2, Sergei Kirsanov wrote:
> What's the current state of Request Factory and CSRF/XSRF for 2.5.1 version?
> This post confuses me: http://stackoverflow.com/questions/6227436/preventing-csrf-when-using-gwts-requestfactory

What confuses you?
BTW, wrt what's written above about the presence of custom headers being enough (which I'm not sure about, but I'm not a security expert), the DefaultRequestTransport includes two such headers already, so it's mostly a matter of checking their presence on the server-side: