CSRF Protection and Ajax : Error 403 - Token missing

2016-01-29 Thread alybubu
Hi.

I'm working on a Wicket application (1.4.8).
We're using spring-security to log in and log out via LDAP.
The login page is a simple jsp file.

The CSRF protection is activated:



The CSRF token is included in the login page:



The connection is OK.

The only thing that doesn't work is the Ajax calls.
Every Ajax call is KO because the CSRF token is not present in the Ajax
request (Error 403: Forbidden).

Does anyone have any idea about the solution?
How do I pass the token in every Ajax request?
Thx.

PS: it's not possible to upgrade Wicket :(
PS2: Sorry for my bad English

--
View this message in context: 
http://apache-wicket.1842946.n4.nabble.com/CSRF-Protection-and-Ajax-Error-403-Token-missing-tp4673474.html
Sent from the Users forum mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org



Re: How to test drop down by changing value multiple times?

2016-01-29 Thread bilguun
Thank you Martin, 

Yeah, that was absolutely one that I needed. It works great now!

--
View this message in context: 
http://apache-wicket.1842946.n4.nabble.com/How-to-test-drop-down-by-changing-value-multiple-times-tp4673468p4673473.html



Re: CSRF Protection and Ajax : Error 403 - Token missing

2016-01-29 Thread Martin Grigorov
Hi,

You say that the login page is a JSP, not a Wicket page.
So I guess Ajax is native Ajax, not Wicket Ajax.
We will need more details to be able to help you.

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Fri, Jan 29, 2016 at 3:50 PM, alybubu wrote:

> Hi.
>
> I'm working on a Wicket application (1.4.8).
> We're using spring-security to log in and log out via LDAP.
> The login page is a simple jsp file.
>
> The CSRF protection is activated:
>
> 
>
> The CSRF token is included in the login page:
>
> 
>
> The connection is OK.
>
> The only thing that doesn't work is the Ajax calls.
> Every Ajax call is KO because the CSRF token is not present in the Ajax
> request (Error 403: Forbidden).
>
> Does anyone have any idea about the solution?
> How do I pass the token in every Ajax request?
> Thx.
>
> PS: it's not possible to upgrade Wicket :(
> PS2: Sorry for my bad English
>
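
One way to attach the token to every Ajax request, as an added example that is not part of the thread: it wraps `XMLHttpRequest`, so it covers any script on the page that sends requests through it. The meta tag names `_csrf` and `_csrf_header`, the fallback header `X-CSRF-TOKEN`, and the helper names are assumptions, since the thread does not show the actual configuration.

```javascript
// Added example; names marked "assumed" do not come from the thread.
// Assumed: the JSP exposes the token as <meta name="_csrf"> and the header
// name as <meta name="_csrf_header"> (the convention in Spring Security's docs).
const SAFE_METHODS = /^(GET|HEAD|OPTIONS|TRACE)$/i;

// Patches an XMLHttpRequest-like class so every state-changing, same-origin
// request carries the CSRF header. getToken() returns {header, token} or null.
function installCsrfHeader(XhrClass, getToken, pageUrl) {
  const origOpen = XhrClass.prototype.open;
  const origSend = XhrClass.prototype.send;
  const pageOrigin = new URL(pageUrl).origin;

  XhrClass.prototype.open = function (method, url, ...rest) {
    // Relative URLs resolve against the page; remember the decision for send().
    const sameOrigin = new URL(url, pageUrl).origin === pageOrigin;
    this._csrfNeeded = sameOrigin && !SAFE_METHODS.test(method);
    return origOpen.call(this, method, url, ...rest);
  };

  XhrClass.prototype.send = function (body) {
    if (this._csrfNeeded) {
      const csrf = getToken();
      // The token is never attached to cross-origin requests: that would
      // disclose it to another site.
      if (csrf && csrf.token) this.setRequestHeader(csrf.header, csrf.token);
    }
    return origSend.call(this, body);
  };
}

// Reads the token from the assumed meta tags of the given document.
function tokenFromMeta(doc) {
  const t = doc.querySelector('meta[name="_csrf"]');
  const h = doc.querySelector('meta[name="_csrf_header"]');
  return t ? { token: t.content, header: h ? h.content : 'X-CSRF-TOKEN' } : null;
}

// In a browser, install once, before any Ajax library issues a request.
if (typeof window !== 'undefined' && window.XMLHttpRequest) {
  installCsrfHeader(window.XMLHttpRequest, () => tokenFromMeta(document),
                    window.location.href);
}
```

The script has to load before the first Ajax call and on every page that issues one, not only on the login page.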