On Fri, Dec 18, 2009 at 11:25 AM, Brad Leupen <[email protected]> wrote:
> Another wish list item: a less API-invasive approach to protecting > against XSRF attacks (see: > http://groups.google.com/group/Google-Web-Toolkit/web/security-for-gwt-applications > ). > > It seems to me that XSRF checks could be baked into the RPC plumbing, > perhaps triggered by annotations on the RPC service interface. The plan for this is at http://code.google.com/p/google-web-toolkit/wiki/RpcAuth though I have no timetable for when it will get implemented. -- John A. Tamplin Software Engineer (GWT), Google -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
