I'm looking at possible solutions to protect my GWT app against XSRF.
If I understand GWT's solution correctly - it makes available a Servlet which you use to both generate the token on the client-side (when calling your RPC endpoint) and to validate on the server-side (when the call hits your service).
Does this solution only cater for RPC calls? Surely we need it to cover all user generated requests to the server?
Any other recommended XSRF solutions (I'm also looking at OWASP's CSRFGuard)?
I modified the GWT Sample App to be protected against XSRF. This solution is roughly based on the solution provided in the GWT developer docs. http://code.google.com/p/xsrf-safe/
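As an added illustration of the mechanism the answer above refers to, this is a standalone Python sketch, not code from GWT or from the linked sample app. It mirrors the GWT approach of deriving the anti-XSRF token from the session cookie and re-deriving it server-side to validate, but swaps GWT's digest for an HMAC keyed with a server secret, and applies the same check to every state-changing request whether it is an RPC call or a plain form post. The cookie name `JSESSIONID`, the `X-XSRF-Token` header, the `xsrf_token` form field and the request dictionaries are assumptions for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed per-process secret for the example; a real deployment loads it
# from configuration so the token survives restarts and works across nodes.
SERVER_SECRET = secrets.token_bytes(32)

# Methods that change state and therefore must carry a valid token.
STATE_CHANGING_METHODS = {"POST", "PUT", "DELETE", "PATCH"}


def issue_token(session_id: str) -> str:
    """Derive the XSRF token from the session cookie value.

    GWT's XsrfTokenServiceServlet likewise computes the token from the session
    cookie; using an HMAC with a server secret (instead of a bare digest) means
    an attacker who learns only the cookie value still cannot compute the token.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_is_valid(session_id: Optional[str], presented: Optional[str]) -> bool:
    """Recompute the expected token for this session and compare in constant time."""
    if not session_id or not presented:
        return False
    return hmac.compare_digest(issue_token(session_id), presented)


def check_request(method: str,
                  cookies: Dict[str, str],
                  headers: Dict[str, str],
                  form: Dict[str, str]) -> Tuple[bool, str]:
    """Gate every state-changing request, RPC or not, on a session-bound token.

    Assumed conventions: RPC-style calls carry the token in an X-XSRF-Token
    header, ordinary form posts carry it in a hidden xsrf_token field, and the
    session is identified by the JSESSIONID cookie. A cross-site attacker can
    make the victim's browser send the cookie, but cannot read or forge the
    token, so the forged request fails here before reaching any handler.
    """
    if method.upper() not in STATE_CHANGING_METHODS:
        return True, "safe method, no token required"
    session_id = cookies.get("JSESSIONID")
    presented = headers.get("X-XSRF-Token") or form.get("xsrf_token")
    if token_is_valid(session_id, presented):
        return True, "token matches session"
    return False, "missing or mismatched XSRF token"


if __name__ == "__main__":
    sid = "constructed-session-id"
    tok = issue_token(sid)
    print(check_request("POST", {"JSESSIONID": sid}, {"X-XSRF-Token": tok}, {}))
    print(check_request("POST", {"JSESSIONID": sid}, {}, {}))
```

The important property for the question's concern about non-RPC traffic is that `check_request` is applied at one choke point (a servlet filter, in GWT terms) rather than only inside the RPC servlet, so a hand-built form or XMLHttpRequest to any state-changing URL is covered by the same check.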