I am currently working on AntiForgeryValidatorFilter for MonoRail, but
before I start coding I want to have your feedback on the usage and
implementation direction.

Usage:
1. At the server side code

using Castle.MonoRail.Framework;

[AntiForgeryValidatorFilter]
public class HomeController : SmartDispatcherController
{
    public void Index()
    {
    }
}

2. View Template
<form method="POST" action="....">
${XssHiddenField}
</form>

Implementation:

- The Filter only works for POST
- The Filter will automatically set up the AntiForgery Cookie if it doesn't
exist (in encrypted form)
- The Filter will regenerate & store a new token value in the Cookie after a
successful POST. (not sure if this is practical?)
- The Filter will create and store two string values in the PropertyBag:
   a, XssHiddenField // <input type='hidden' value='tokenString' />
   b, XssTokenString // raw token string, which is useful for crafting $.ajax, $.post etc.
- more configuration features

I think the usage is quite simple and easily integrates into an existing
app; now the challenge is
- The Filter will automatically set up the AntiForgery Cookie if it doesn't
exist (in encrypted form)
- The Filter will regenerate & store a new token value in the Cookie after a
successful POST. (not sure if this is practical?)
Am I going in the right direction?

Thanks,
Sokun
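The token handling such a filter needs, written out as an added example; this is not Sokun's code and not part of the MonoRail project. It covers the steps in the proposal: a fresh random token when no cookie exists, a protected cookie value, the POST check that the hidden field matches the cookie, and regeneration after a successful POST. The class name AntiForgeryTokens, the hidden-field name _xsstoken and the serverKey constructor argument are assumptions, and the cookie is protected with an HMAC integrity tag rather than the encryption mentioned in the post (AES followed by an HMAC would be the equivalent if the value must also be opaque). Wiring into a MonoRail filter is left out; the filter would call these methods from its Perform step.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Assumed helper (example, not MonoRail's API): token generation, cookie
// protection and validation for a double-submit anti-forgery scheme.
public sealed class AntiForgeryTokens
{
    // Assumed: a per-application secret loaded from configuration.
    private readonly byte[] serverKey;

    public AntiForgeryTokens(byte[] serverKey)
    {
        if (serverKey == null || serverKey.Length < 32)
            throw new ArgumentException("server key must be at least 32 bytes", "serverKey");
        this.serverKey = serverKey;
    }

    // Fresh random token: used when the cookie is missing and again after
    // each successful POST if the filter rotates tokens.
    public string NewToken()
    {
        byte[] raw = new byte[32];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(raw);
        return Convert.ToBase64String(raw);
    }

    // Cookie value = token + "." + HMAC(token). The tag lets the filter reject
    // a cookie that this server did not issue. Base64 never contains '.', so
    // the separator is unambiguous.
    public string ProtectForCookie(string token)
    {
        return token + "." + Tag(token);
    }

    // Returns the token if the cookie is intact, otherwise null so the caller
    // issues a new cookie instead of trusting the value.
    public string UnprotectCookie(string cookieValue)
    {
        if (string.IsNullOrEmpty(cookieValue)) return null;
        int dot = cookieValue.LastIndexOf('.');
        if (dot <= 0) return null;
        string token = cookieValue.Substring(0, dot);
        string tag = cookieValue.Substring(dot + 1);
        return FixedTimeEquals(tag, Tag(token)) ? token : null;
    }

    // The check the filter runs on every POST: the hidden field (or the
    // value an $.ajax call sent) must equal the token held in the cookie.
    public bool IsValidRequest(string cookieValue, string formToken)
    {
        string cookieToken = UnprotectCookie(cookieValue);
        if (cookieToken == null || string.IsNullOrEmpty(formToken)) return false;
        return FixedTimeEquals(cookieToken, formToken);
    }

    // Markup to place in the PropertyBag as XssHiddenField. Base64 contains
    // no quotes or angle brackets, so the value needs no further escaping.
    public static string HiddenField(string token)
    {
        return "<input type='hidden' name='_xsstoken' value='" + token + "' />";
    }

    private string Tag(string token)
    {
        using (HMACSHA256 mac = new HMACSHA256(serverKey))
            return Convert.ToBase64String(mac.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    // Constant-time comparison so response timing does not reveal how many
    // leading characters of a guessed token were correct.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

On the open question of rotating the token after every successful POST: it works for a single form but breaks a user who has two tabs open, since the second tab still carries the token the first POST retired; keeping one token for the life of the cookie (or session) avoids that, and rotating only on login is the usual compromise. Whichever choice is made, the cookie should be issued with HttpOnly and, where the site runs over TLS, the Secure flag, so the token is not readable by injected script or sent over plain HTTP.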

-- 
You received this message because you are subscribed to the Google Groups 
"Castle Project Development List" group.
For more options, visit this group at 
http://groups.google.com/group/castle-project-devel?hl=en.