On Wed, May 14, 2014 at 10:43 PM, Valdis Vītoliņš <[email protected]> wrote:

> Another idea which couldn't bother normal users for anonymous XWiki
> comments would be separation between GET/POST submits, because spammers
> mostly use GET instead of POST.

The add comment form uses POST so why do you say the spammers use GET? Note that even if you 'forge' a GET request you still need to add the CSRF token which you need to get from the HTML form.

As for the CommentAddAction that Thomas linked, it works indeed with both POST and GET. Limiting the actions that modify the database to POST is indeed a good thing.

Thanks,
Marius

> I couldn't find how added comment request is handled on server side
> though. I suspect, it is not handled with velocity scripts.
>
> Can you provide some directions?
>
> Thanks!
> Valdis
>
> _______________________________________________
> devs mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/devs
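
An added illustration of the two checks discussed in this thread, restricting the comment-add action to POST and requiring the CSRF token issued with the HTML form; it is not code from XWiki or from the participants. `CommentAddGate`, its method names, the returned status codes and the session ids are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical gate in front of a comment-add action; not XWiki's CommentAddAction. */
public class CommentAddGate {
    private final Map<String, String> tokenBySession = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    /** Called when the comment form is rendered; the token goes into a hidden field. */
    public String issueToken(String sessionId) {
        byte[] raw = new byte[24];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokenBySession.put(sessionId, token);
        return token;
    }

    /** Returns the HTTP status to answer with (status choices are assumptions). */
    public int check(String method, String sessionId, String submittedToken) {
        // A database-modifying action is refused for anything but POST,
        // even when the request carries a valid token.
        if (!"POST".equals(method)) {
            return 405;
        }
        String expected = tokenBySession.get(sessionId);
        if (expected == null || submittedToken == null) {
            return 403;
        }
        // Constant-time comparison of the session's token with the submitted one.
        boolean same = MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submittedToken.getBytes(StandardCharsets.UTF_8));
        return same ? 200 : 403;
    }

    public static void main(String[] args) {
        CommentAddGate gate = new CommentAddGate();
        String token = gate.issueToken("session-A"); // constructed session id
        System.out.println("GET, no token:         " + gate.check("GET", "session-A", null));
        System.out.println("GET, valid token:      " + gate.check("GET", "session-A", token));
        System.out.println("POST, guessed token:   " + gate.check("POST", "session-A", "guess"));
        System.out.println("POST, other session:   " + gate.check("POST", "session-B", token));
        System.out.println("POST, token from form: " + gate.check("POST", "session-A", token));
    }
}
```

Only the last request, a POST carrying the token issued to the same session, is accepted.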

