Author: [email protected]
Date: Tue Jul 14 09:00:22 2009
New Revision: 5731
Modified:
trunk/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java
Log:
Remove check for strong name header as part of
RemoteServiceServlet.processCall() due to reports of this triggering on
assumed-valid clients.
Will review derpc code based on further review.
Patch by: bobv
Review by: jgw (TBR)
Modified:
trunk/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java
==============================================================================
--- trunk/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java
(original)
+++ trunk/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java
Tue Jul 14 09:00:22 2009
@@ -183,10 +183,6 @@
*/
public String processCall(String payload) throws SerializationException {
try {
- if (getPermutationStrongName() == null) {
- throw new SecurityException(
- "Blocked request with GWT permutation header (XSRF attack?)");
- }
RPCRequest rpcRequest = RPC.decodeRequest(payload, this.getClass(),
this);
onAfterRequestDeserialized(rpcRequest);
return RPC.invokeAndEncodeResponse(this, rpcRequest.getMethod(),
--~--~---------~--~----~------------~-------~--~----~
http://groups.google.com/group/Google-Web-Toolkit-Contributors
-~----------~----~----~----~------~----~------~--~---
