CSRF Protection and Ajax : Error 403 - Token missing
Hi. I'm working on a wicket application (1.4.8). We're using spring-security to login and logout via a LDAP. The login page is a simple jsp file. The csrf protection is activate : The CSRF token is include in the login page : The connection is OK. The only thing who doesn't work is ajax call. Every ajax call are KO because the CSRF token is not present in the ajax request (Error 403 : Forbidden). Someone has any idea about the solution? How to pass the token in every ajax request? Thx. PS : it's not possible to upgrade wicket :( PS2 : Sorry for my bad english -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/CSRF-Protection-and-Ajax-Error-403-Token-missing-tp4673474.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: How to test drop down by changing value multiple times?
Thank you Martin, Yeah, that was absolutely one that I needed. It works great now! -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/How-to-test-drop-down-by-changing-value-multiple-times-tp4673468p4673473.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: CSRF Protection and Ajax : Error 403 - Token missing
Hi, You say that the login page is a JSP, not a Wicket page. So I guess Ajax is native Ajax, not Wicket Ajax. We will need more details to be able to help you. Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Fri, Jan 29, 2016 at 3:50 PM, alybubuwrote: > Hi. > > I'm working on a wicket application (1.4.8). > We're using spring-security to login and logout via a LDAP. > The login page is a simple jsp file. > > The csrf protection is activate : > > > > The CSRF token is include in the login page : > > > > The connection is OK. > > The only thing who doesn't work is ajax call. > Every ajax call are KO because the CSRF token is not present in the ajax > request (Error 403 : Forbidden). > > Someone has any idea about the solution? > How to pass the token in every ajax request? > Thx. > > PS : it's not possible to upgrade wicket :( > PS2 : Sorry for my bad english > > -- > View this message in context: > http://apache-wicket.1842946.n4.nabble.com/CSRF-Protection-and-Ajax-Error-403-Token-missing-tp4673474.html > Sent from the Users forum mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >