Hi, I'm looking for protection against CSRF and found and old issue for Apache Wicket 1.3.4.
https://issues.apache.org/jira/browse/WICKET-1782 And as far as have understood the Apache Wicket does not support Synchronizer Token Pattern, as suggested at https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet but did in Apache Wicket 1.3 supported CryptedUrlWebRequestCodingStrategy, So now my question. - Does Apache Wicket 6 support CryptedUrlWebRequestCodingStrategy? Cannot find the CryptedUrlWebRequestCodingStrategy class? If the class have been renamed, please submit an example how to use this new class. - Does Apache Wicket 6 support any other solution to hinder CSRF? -- Med vänliga hälsningar Magnus K Karlsson Mobile: +46 (0)70 218 00 84 Email: magnus.r.karls...@gmail.com Blog: magnus-k-karlsson.blogspot.com