Friday, July 26, 2013

Re: How to prevent CSRF/XSRF when using RequestFactory

On Friday, July 26, 2013 11:53:18 AM UTC+2, Sergei Kirsanov wrote:
What's the current state of Request Factory and CSRF/XSRF for 2.5.1 version?

Nothing's changed.
This post confuses me:

What confuses you?

BTW, wrt what's written above about the presence of custom headers being enough (which I'm not sure about, but I'm not a security expert), the DefaultRequestTransport includes two such headers already, so it's mostly a matter of checking their presence on the server-side:
