We are currently using it in production. The code hasn't changed since at least 2.6.0 (and probably earlier). The only problems we currently have are that sometimes the client doesn't fetch a new token on start or that the client has to refresh the browser after the session expired.
On Tuesday, 31 October 2017 13:36:16 UTC+1, Rencia Cloete wrote: > > Gwt Documentation > http://www.gwtproject.org/doc/latest/DevGuideSecurityRpcXsrf.html as well > as GWT IN action > https://manning-content.s3.amazonaws.com/download/d/07888ea-bada-44cc-9c55-ead15ea7fe85/GWT_sample-07.pdf > > recommend extending XsrfProtectedService on client side and > XsrfProtectedServiceServlet on server side.... > > But both thse methods are still marked as "EXPERIMENTAL and subject to > change. Do not use this in production code. " > > What gives? is this a leftover - or are they now safe to use in production? > > Thanks for your help in advance! > -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
