So far, inserting an Anti-CSRF token works for every type of component. The token check can be added by using the @Protected annotation either on a page or on an event handling method. One problem with the redirect-after-post approach is that the GET request that follows a form POST cannot be enhanced with an Anti-CSRF token. I will try to solve this problem later; the next task is to protect Ajax-based requests.