Ajax and CSRF vulnerability

2018-12-06 Thread GILQUIN Pierre
Hi, 1) I used a hidden field wosid to prevent CSRF vulnerability in a standard Wonder application ( ). I just compare this hidden field with the real sessionID. Now, I want to use the same protection in some ajaxified components. Problem: by default, the HTTP post is partial and wosid is n

Re: Ajax and CSRF vulnerability

2018-12-06 Thread Kai Lochbaum
Hi Pierre, there is a global AjaxOptions.defaultOptions function which is used in all Wonder Ajax requests, where you can hook up such things via JavaScript. We also use it to send a CSRF token as a requestHeader: if (AjaxOptions && typeof AjaxOptions.defaultOptions === 'function' && csrftok