Hi, the CSRF protection module is now stable enough to relase version 1.0. It is available at the project home page http://code.google.com/p/gsoc2011-csrf-protection/ and contains all binary artifacts, a user guide and the API documentation. It is compatible to Tapestry 5.3.0, only the AjaxFormLoop component protection requires minor changes to Tapestry. These changes are provided as patch (updated patch available in JIRA). There are two demo applications (.war) that demonstrate the functionality. Uli is going to deploy them to tapestry.zones.apache.org.
For the GSoC final evaluation I will submit the current version. However, I would like to move the complete module into the Tapestry project. Therefore I will create a patch including the protection module. Before I do this integration it would be great to get some feedback on the current solution. Finally the question is also if I should integrate the CSRF protection into the tapestry-core project or to have a separate submodule. I would prefer to have a separate submodule since the logic is currently clearly separated and I don't want to bloat the core package. BR Markus -- View this message in context: http://tapestry.1045711.n5.nabble.com/Cross-site-request-forgery-protection-module-tp4685937p4685937.html Sent from the Tapestry - Dev mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
