Question

Including a CSRF prevention token in POST requests and validating it on the server by overriding DefaultRequestTransport and RequestFactoryServlet seems to be simple enough.

However, I have one remaining issue: how can I generate the token and get it to the client in the first place?

It is quite possible, nay likely, that I have missed something obvious. I am assuming that I need to create the token when the session is created on the server, store it in the session and pass it to the client.

The client then stores the token in a cookie and passes the token in request headers from that point onwards.

Is there a filter of some sort which I can use to provide the tokens?


Solution

If you are using RPC, you can read this document; it has example code for implementing it.

For RF, this question could be helpful.

Other tips

The server generates a random token on the first request and typically includes it in the download of the script.
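One way to do what this answer and the question describe, as an added example that is not part of the original question or answers: a servlet Filter that creates a random token the first time a session is seen, keeps the copy in the session, hands the client a copy in a cookie it can read (the asker's plan), and rejects RequestFactory POSTs whose header does not match. The RequestFactoryServlet mapping (/gwtRequest), the filter being mapped to /*, and the header and cookie names are assumptions of this example, not anything the page states.

```java
// Added example, not from the question or the answers.
// Assumptions: RequestFactoryServlet is mapped under /gwtRequest, this filter is
// mapped to /* in web.xml, and the cookie/header names are our own choice.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class CsrfTokenFilter implements Filter {
    static final String SESSION_ATTR = "csrfToken";   // server-side copy (assumed name)
    static final String COOKIE_NAME = "XSRF-TOKEN";   // copy the GWT client reads (assumed name)
    static final String HEADER_NAME = "X-CSRF-Token"; // header the client echoes back (assumed name)
    static final String RF_PATH = "/gwtRequest";      // assumed RequestFactoryServlet mapping

    private final SecureRandom random = new SecureRandom();

    /** 32 random bytes as URL-safe base64: unguessable and safe in a cookie or header. */
    String newToken() {
        byte[] buf = new byte[32];
        random.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    /** Returns the session's token, creating the session and the token on the first request. */
    String tokenFor(HttpServletRequest req) {
        HttpSession session = req.getSession(true);
        synchronized (session) { // two parallel first requests must not each mint a token
            String token = (String) session.getAttribute(SESSION_ATTR);
            if (token == null) {
                token = newToken();
                session.setAttribute(SESSION_ATTR, token);
            }
            return token;
        }
    }

    /** Constant-time comparison so a byte-by-byte timing difference cannot leak the token. */
    static boolean tokensMatch(String expected, String presented) {
        if (expected == null || presented == null) return false;
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    /** True if the browser already holds this exact token in the cookie. */
    static boolean clientHasToken(HttpServletRequest req, String token) {
        Cookie[] cookies = req.getCookies();
        if (cookies == null) return false;
        for (Cookie c : cookies) {
            if (COOKIE_NAME.equals(c.getName()) && tokensMatch(token, c.getValue())) return true;
        }
        return false;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        String token = tokenFor(req);

        // Deliver the token with the host page / script download. Deliberately NOT
        // HttpOnly: the GWT client must be able to read it with Cookies.getCookie().
        if (!clientHasToken(req, token)) {
            Cookie cookie = new Cookie(COOKIE_NAME, token);
            cookie.setPath("/");
            cookie.setSecure(req.isSecure());
            resp.addCookie(cookie);
        }

        // Every RequestFactory POST must echo the token in a custom header. A cross-site
        // form post or image tag cannot set custom headers, so it is rejected here.
        boolean rfCall = "POST".equals(req.getMethod())
                && req.getRequestURI().startsWith(req.getContextPath() + RF_PATH);
        if (rfCall && !tokensMatch(token, req.getHeader(HEADER_NAME))) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "missing or invalid CSRF token");
            return;
        }
        chain.doFilter(request, response);
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }
}
```

On the client, the DefaultRequestTransport subclass the question mentions would override configureRequestBuilder(RequestBuilder builder), call super, and then set the header from the cookie (builder.setHeader("X-CSRF-Token", Cookies.getCookie("XSRF-TOKEN"))). Because the token is bound to the HttpSession rather than the cookie alone, a token forged by an attacker-controlled subdomain setting a cookie for the parent domain still fails the check; and because the comparison happens before chain.doFilter, the RequestFactoryServlet never sees an unauthenticated state-changing payload. Make sure the filter is ordered before any other filter that consumes the request body, and rotate the token (remove the session attribute) on login so a pre-login token is not reused after privilege changes.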

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow