On Thu, Nov 18, 2010 at 6:35 AM, BobV <[email protected]> wrote: > I guess the big question is whether or not the XSRF protection is a > function of the payload envelope or needs deeper support. If it can > be done at the transport layer, extending DefaultRequestTransport > seems like easy way to mix it in. > > RPC XSRF protection allows for arbitrary serializable implementations to be sent, I'll take a look at the DefaultRequestTransport and see where would be the best place to add this. I'll get on it once this code is in.
Meder -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
