GWT & CSRF Guard - Is it possible to implement CSRF Guard on GWT code?

你。 submitted on 2019-12-12 01:53:09

Question


I have a web application in which the front end is written in GWT. Now I want to implement CSRF Guard on the same web application.

So I would like to know whether it is possible to implement CSRF Guard on GWT code, because when I tried implementing it, CSRF Guard's token is not getting injected on any request to the server. I'm able to see the response from the server, but the token is not getting injected and CSRF Guard is not working properly.

Could anyone help me with this? Thanks.


Answer 1:


IMHO it can be emulated by:

  1. On the server side, create a unique number for each session.
  2. In the entry point, get it from the RPC controller method getCRSFId.
  3. In onSuccess, resume initialization of the application.
  4. In all other methods, use the result of getCRSFId as the first parameter and check it.
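
The four steps in Answer 1, sketched server-side as an added example (not part of the original answers, and not code from GWT or CSRF Guard). Names other than getCRSFId are hypothetical, a map keyed by session id stands in for HttpSession attributes, and the per-session number is assumed to come from SecureRandom so that it cannot be guessed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: hypothetical names; the map stands in for HttpSession attributes.
public class SessionCsrfTokens {
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, String> tokenBySession = new ConcurrentHashMap<>();

    // Steps 1-2: what the getCRSFId RPC would return; one unguessable value per session.
    public String getCRSFId(String sessionId) {
        return tokenBySession.computeIfAbsent(sessionId, id -> {
            byte[] raw = new byte[32];          // 256 bits from a CSPRNG, not a counter
            RNG.nextBytes(raw);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        });
    }

    // Step 4: every other RPC method calls this with its first parameter before doing work.
    public boolean isValid(String sessionId, String presented) {
        String expected = tokenBySession.get(sessionId);
        if (expected == null || presented == null) {
            return false;                       // no token issued yet, or none sent
        }
        // Constant-time comparison so response timing does not leak token bytes.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    // Drop the token on logout or session expiry.
    public void invalidate(String sessionId) {
        tokenBySession.remove(sessionId);
    }

    public static void main(String[] args) {
        SessionCsrfTokens tokens = new SessionCsrfTokens();
        String a = tokens.getCRSFId("session-A");   // constructed session ids
        String b = tokens.getCRSFId("session-B");
        System.out.println(tokens.isValid("session-A", a));    // own token
        System.out.println(tokens.isValid("session-A", b));    // another session's token
        System.out.println(tokens.isValid("session-A", null)); // request without a token
        tokens.invalidate("session-A");
        System.out.println(tokens.isValid("session-A", a));    // after logout
    }
}
```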



Answer 2:


I have posted the same question on groups.google.com to get the answer, so I would like to post the points discussed there here.

  1. You probably could get CSRF Guard to work, but it's easier to use GWT's built-in protection.
  2. If you are using GWTP, then you should use GWTP's CSRF protection.
  3. If you are using CSRF Guard on GWT code, then the only thing I can suggest is to inject the CSRF Guard script before the *.nocache.js script.

These points might help someone.

Source Link



Source: https://stackoverflow.com/questions/27377608/gwt-csrf-guard-is-it-possible-to-implement-csrf-guard-on-gwt-code
