Hi,
Please file a ticket at JIRA.
I think the check should be added
at
org.apache.wicket.protocol.ws.api.AbstractWebSocketProcessor#AbstractWebSocketProcessor(HttpServletRequest,
WebApplication) so that it is available for all native integrations.
We can also add a setting in WebSocketSettings
Hi fellow Wicketers,
I have a question regarding CSWH. I was reading this article recently:
http://www.notsosecure.com/blog/2014/11/27/how-cross-site-websocket-hijacking-could-lead-to-full-session-compromise/
It made me wondering how can I implement my protection against this kind of
attack? My