Thursday, August 27, 2015

Re: Is it possible to hack GWT by XSRF if the given XSRF defence is not used?

Technically, the HTTP headers are enough (besides content-type you also need x-gwt-permutation). But given that you cannot control the client browser and the plugins installed, you might want to implement some extra hurdles in case the client actually has a security issue.

-- J.
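
One way to put an extra hurdle on top of the two headers mentioned in the reply above, as an added example that is not part of the original post and is not GWT's own code: a servlet filter that requires the GWT-RPC content type and the X-GWT-Permutation header, and additionally checks Origin (falling back to Referer). The class name, the `ALLOWED_ORIGIN` value and the choice of an Origin check are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.util.Locale;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter (name and policy are assumptions) mapped onto GWT-RPC endpoints. */
public class GwtRpcHeaderFilter implements Filter {
    // Assumption: the single origin the application is served from (placeholder value).
    private static final String ALLOWED_ORIGIN = "https://app.example.com";

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        if (!"POST".equals(req.getMethod()) || !headersLookLikeGwtRpc(req) || !originMatches(req)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN); // reject before the RPC servlet runs
            return;
        }
        chain.doFilter(rq, rs);
    }

    // The two headers named in the post; a plain HTML form submission cannot set either.
    static boolean headersLookLikeGwtRpc(HttpServletRequest req) {
        String ct = req.getContentType();
        String perm = req.getHeader("X-GWT-Permutation");
        return ct != null && ct.toLowerCase(Locale.ROOT).startsWith("text/x-gwt-rpc")
                && perm != null && !perm.isEmpty();
    }

    // Extra hurdle: the request must declare our own site as its source.
    static boolean originMatches(HttpServletRequest req) {
        String src = req.getHeader("Origin");
        if (src == null) src = req.getHeader("Referer");
        if (src == null) return false; // fail closed when neither header is present
        try {
            URI u = URI.create(src);
            return ALLOWED_ORIGIN.equalsIgnoreCase(u.getScheme() + "://" + u.getAuthority());
        } catch (IllegalArgumentException e) {
            return false; // malformed header value
        }
    }
}
```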

