The specific panel *inside* the form is getting updated during each AJAX
request, the form itself stays the same.
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Implementing-a-SecureForm-to-avoid-CSRF-attacks-tp4666175p4666187.html
Sent from the Users forum mailing
AM, shayy wrote:
The specific panel *inside* the form is getting updated during each AJAX
request, the form itself stays the same.
        );
        if (!requestToken.equals(StringValue.valueOf(token))) {
            log.warn("Attempted unauthorized form submission");
        }
        super.onValidate();
    }
}
that onEvent() will both re-generate
the token on the SecureForm class as well as replace the value on the HTML?
Security-wise, is there a reason to do that?
a different value!