wicket-users mailing list archives

From shayy <sha...@gmail.com>
Subject Implementing a SecureForm to avoid CSRF attacks
Date Tue, 10 Jun 2014 15:04:55 GMT
I'm trying to implement a SecureForm (extends Form) which dynamically adds a
hidden field to prevent CSRF attacks as described here:

My problem is that my form contains a panel with tabs, each tab refreshes
the Form class through ajax but the HTML stays the same.
The result is that when I try to enter the first tab, click on the second
tab and try to post it I'm getting invalid tokens since the second tab HTML
has the first token but its Form class already instantiated a new CSRF

Anyone have an idea how I can replace the injected HTML from the
I'd like to try and use this approach (token field in the SecureForm class)
instead of just putting the token inside the session.


View this message in context: http://apache-wicket.1842946.n4.nabble.com/Implementing-a-SecureForm-to-avoid-CSRF-attacks-tp4666175.html
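
The mismatch described in the message above, reproduced as an added example in plain Java; this is not the poster's code and does not use Wicket's API. `SecureFormModel`, the field name `csrf`, and the markup parsing are hypothetical stand-ins for a form class that creates one token per instance.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class CsrfTokenDesyncDemo {
    private static final SecureRandom RNG = new SecureRandom();

    /** Hypothetical stand-in for the post's SecureForm: one token per instance. */
    static final class SecureFormModel {
        private final String token = newToken();

        private static String newToken() {
            byte[] raw = new byte[32];
            RNG.nextBytes(raw);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        }

        /** Markup of the hidden field as it would be written into the page. */
        String renderHiddenField() {
            return "<input type=\"hidden\" name=\"csrf\" value=\"" + token + "\"/>";
        }

        /** Constant-time comparison of the submitted value with this instance's token. */
        boolean accepts(String submitted) {
            return submitted != null && MessageDigest.isEqual(
                    token.getBytes(StandardCharsets.UTF_8),
                    submitted.getBytes(StandardCharsets.UTF_8));
        }
    }

    /** Pulls the token back out of rendered markup, as a browser submit would. */
    static String submittedValue(String html) {
        int start = html.indexOf("value=\"") + 7;
        return html.substring(start, html.indexOf('"', start));
    }

    public static void main(String[] args) {
        SecureFormModel tab1 = new SecureFormModel();
        String browserHtml = tab1.renderHiddenField();   // full page render

        SecureFormModel tab2 = new SecureFormModel();    // tab click: new instance, new token
        // The Ajax update did not include the hidden field, so the browser still holds tab1's token.
        System.out.println("stale markup accepted:     " + tab2.accepts(submittedValue(browserHtml)));

        browserHtml = tab2.renderHiddenField();          // hidden field re-rendered with the update
        System.out.println("refreshed markup accepted: " + tab2.accepts(submittedValue(browserHtml)));
    }
}
```

The token check only passes when the markup the browser submits was rendered by the same form instance that validates it, so any partial update that swaps the instance has to carry the hidden field with it.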