On Friday, July 26, 2013 5:05:25 PM UTC+4, Thomas Broyer wrote:
On Friday, July 26, 2013 11:53:18 AM UTC+2, Sergei Kirsanov wrote:What's the current state of Request Factory and CSRF/XSRF for 2.5.1 version?Nothing's changed.This post confuses me: http://stackoverflow.com/
questions/6227436/preventing- csrf-when-using-gwts- requestfactoryWhat confuses you?BTW, wrt what's written above about the presence of custom headers being enough (which I'm not sure about, but I'm not a security expert), the DefaultRequestTransport includes two such headersalready, so it's mostly a matter of checking their presence on the server-side:https://gwt.googlesource.com/ gwt/+/2.5.1/user/src/com/ google/web/bindery/ requestfactory/gwt/client/ DefaultRequestTransport.java
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to email@example.com.
To post to this group, send email to firstname.lastname@example.org.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/groups/opt_out.