wicket-users mailing list archives

From Martin Grigorov <mgrigo...@apache.org>
Subject Re: CSRF Protection and Ajax : Error 403 - Token missing
Date Sat, 30 Jan 2016 08:25:07 GMT
I see.
With Wicket 6+ this would be very simple but I don't have a simple solution
for 1.4.x.
The simplest way I see is to monkey-patch the "doGet" method -
https://github.com/apache/wicket/blob/4c437fef16e9c8705cd79246eae67993077490f4/wicket/src/main/java/org/apache/wicket/ajax/wicket-ajax.js#L891-L914
I guess you will need to add
t.setRequestHeader("csrf", Wicket.get('hiddenField').value);

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Sat, Jan 30, 2016 at 8:53 AM, alybubu <burger.alexis@gmail.com> wrote:

> The login page is just here to connect the user to the wicket application.
> The connection and the navigation between all wicket pages works fine
> (Csrf token is passed correctly).
> The only problem is that every ajax call with wicket are in failure because
> Csrf token is missing in request.
>
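An added example, not part of the original messages and not Wicket code: one way to get the "csrf" header onto every Ajax request is to wrap the XMLHttpRequest prototype instead of Wicket's doGet, which also lets the token be withheld from cross-origin requests. The names `installCsrfHeader` and `FakeXhr`, the URLs and the token value are assumptions made for illustration.

```javascript
// Added example. installCsrfHeader and FakeXhr are hypothetical names;
// only the "csrf" header name is taken from the reply above.
function installCsrfHeader(XhrCtor, readToken, pageUrl) {
  var proto = XhrCtor.prototype;
  var origOpen = proto.open;
  var origSend = proto.send;
  var pageOrigin = new URL(pageUrl).origin;

  // open() is the only call that sees the target URL, so record here
  // whether the request stays on the page's own origin.
  proto.open = function (method, url) {
    this._csrfSameOrigin = new URL(url, pageUrl).origin === pageOrigin;
    return origOpen.apply(this, arguments);
  };

  // Headers can only be set between open() and send(). Adding the token
  // just before send() covers GET and POST, and skipping cross-origin
  // requests keeps the token from leaking to third-party hosts.
  proto.send = function () {
    if (this._csrfSameOrigin) {
      this.setRequestHeader("csrf", readToken());
    }
    return origSend.apply(this, arguments);
  };
}

// Runs the wrapper against a constructed stand-in for XMLHttpRequest so the
// example works outside a browser. All URLs and the token are constructed.
function demo() {
  function FakeXhr() { this.headers = {}; this.sent = false; }
  FakeXhr.prototype.open = function (method, url) { this.url = url; };
  FakeXhr.prototype.setRequestHeader = function (n, v) { this.headers[n] = v; };
  FakeXhr.prototype.send = function () { this.sent = true; };

  installCsrfHeader(FakeXhr, function () { return "constructed-token"; },
                    "https://app.example/wicket/page");

  var same = new FakeXhr();
  same.open("GET", "/wicket/page?constructed=1", true);
  same.send(null);

  var other = new FakeXhr();
  other.open("GET", "https://cdn.example/lib.js", true);
  other.send(null);

  return { same: same.headers, other: other.headers, sent: same.sent && other.sent };
}
```

In a browser the call would be `installCsrfHeader(XMLHttpRequest, readToken, location.href)`, run before the first Ajax request, with `readToken` returning the value of the hidden field that carries the token.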
