Hi Does RequestFactory has included XSRF protection? For RPC Requests I see the XsrfProtectedServiceServlet. But I don't see a XsrfProtectedRequestFactoryServlet or similar. While the documentation states that RequestFactory is better and newer and should be used. Does this mean it has XSRF protection included, or would one have to rebuild what XsrfProtectedServiceServlet does for the RequestFactoryServlet?
And why does the XsrfProtectedServiceServlet need the session cookie name injected? Why doesn't it simply use HttpServletRequest.getSession().getId() which wouldn't need any manual configuration? Regards -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
