Errai / ERRAI-979

Provide functionality for CSRF protection

    Details

    • Release Notes Text:
      The message bus now has a property, errai.bus.enable_csrf_token (defaults to false), that enables a CSRF token required by every bus request. A filter can be configured to inject the token onto the host page, or else the client bus will negotiate for the token when first connecting.

      There is also a filter for providing the same protection to Errai JAX-RS requests.

      Description

      Errai should provide built-in functionality for CSRF protection that can be enabled on demand. This functionality should satisfy Errai message bus requirements (i.e. multiple active .in and .out requests) and also be suitable for the more traditional request/response model.
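
A minimal model of the scheme the release notes describe, added here as an illustration and not taken from Errai: one token per session so concurrent bus requests can share it, issued either for host-page injection or as a challenge on first contact. The class, method names and session id are assumptions; Errai's own filter classes and wire format are not shown on this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not Errai code; every name here is hypothetical.
public class CsrfTokenSketch {
    private static final SecureRandom RNG = new SecureRandom();
    // One token per session (not per request), so the bus's concurrent
    // in-flight requests can all present the same value.
    private final Map<String, String> tokens = new ConcurrentHashMap<>();

    /** Outcome of a check; challengeToken is non-null only on first contact. */
    record Result(boolean accepted, String challengeToken) {}

    private static String newToken() {
        byte[] b = new byte[32];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    /** Host-page path: issue or reuse the session token for embedding in the page. */
    public String tokenForHostPage(String sessionId) {
        return tokens.computeIfAbsent(sessionId, k -> newToken());
    }

    /** Per-request check; presented is the token the client sent, or null. */
    public Result check(String sessionId, String presented) {
        String expected = tokens.get(sessionId);
        if (expected == null) // negotiation path: reject, hand back a token to retry with
            return new Result(false, tokenForHostPage(sessionId));
        boolean ok = presented != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8)); // constant-time compare
        return new Result(ok, null);
    }

    public static void main(String[] args) {
        CsrfTokenSketch bus = new CsrfTokenSketch();
        Result first = bus.check("sess-1", null); // constructed session id
        String t = first.challengeToken();
        System.out.println("first contact accepted: " + first.accepted());
        System.out.println("retry with token:       " + bus.check("sess-1", t).accepted());
        System.out.println("concurrent request:     " + bus.check("sess-1", t).accepted());
        System.out.println("no token:               " + bus.check("sess-1", null).accepted());
        System.out.println("wrong token:            " + bus.check("sess-1", newToken()).accepted());
    }
}
```

Handing out the token in a rejected first response is safe only while the browser's same-origin policy keeps other origins from reading that response.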

    People

    • Assignee: mbarkley Max Barkley
    • Reporter: csa Christian Sadilek