Repository: deltaspike Updated Branches: refs/heads/master d778adaef -> dd223d480
DELTASPIKE-1029 avoid windowhandler streaming in some cases Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/dd223d48 Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/dd223d48 Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/dd223d48 Branch: refs/heads/master Commit: dd223d480ee56476107f1e3ec33290fe3ed104de Parents: d778ada Author: Thomas Andraschko <[email protected]> Authored: Wed Nov 25 22:55:33 2015 +0100 Committer: Thomas Andraschko <[email protected]> Committed: Wed Nov 25 22:55:33 2015 +0100 ---------------------------------------------------------------------- .../strategy/ClientSideWindowStrategy.java | 22 +++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/deltaspike/blob/dd223d48/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/strategy/ClientSideWindowStrategy.java ---------------------------------------------------------------------- diff --git a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/strategy/ClientSideWindowStrategy.java b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/strategy/ClientSideWindowStrategy.java index 1ca586b..5957c73 100644 --- a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/strategy/ClientSideWindowStrategy.java +++ b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/strategy/ClientSideWindowStrategy.java @@ -200,7 +200,27 @@ public class ClientSideWindowStrategy extends AbstractClientWindowStrategy @Override public String interceptRedirect(FacesContext facesContext, String url) { - if (facesContext.getPartialViewContext().isAjaxRequest()) + // following cases we can mark as valid next request: + // 1) request == !ajax and GET + // A redirect via ExternalContext can only be done in a JSF request. + // As the windowId is validated before the JSF lifecycle starts + // (via windowhandler streaming/request token validation), we can assume that the current request + // is valid and we can just mark the next request/redirect as valid, too. + // 2) request == ajax and POST + // Ajax is always a "post back", so the browser tab was already validated in earlier requests. + // + // + // following cases we can NOT mark as valid next request: + // 1) request == !ajax and POST + // This is a Post/Redirect/Get - as the post can be done to a new browser tab + // (via the target attribute on the form), the windowId must NOT be valid. + // 2) request == ajax and GET + // Not a common JSF request. + // + boolean ajax = facesContext.getPartialViewContext().isAjaxRequest(); + boolean post = isPost(facesContext); + boolean get = !post; + if ((!ajax && get) || (ajax && post)) { String requestToken = generateNewRequestToken(); String windowId = getWindowId(facesContext);
