davidashman / bbworld2013-client


Enhancement request: XSRF Annotation #1

Open justinwrobel opened 9 years ago

justinwrobel commented 9 years ago

This is in reference to bb-spring-webapi. I'm not sure exactly where to log this, but I've been running into issues with the XSRFInterceptor, so I generally end up turning it off with the NoXSRF annotation. I normally create controllers with RequestMapping value at the class level and RequestMapping methods at the controller level. The following snippet is an example:

    @Controller
    @RequestMapping("Petshop")
    public class PetShopController {
        @XSRF("buying-a-pet") // proposed annotation
        @RequestMapping(method = RequestMethod.POST)
        public Map<String, String> submit(HttpServletRequest request) {...

Would you consider adding an XSRF annotation that accepts a value?

davidashman commented 9 years ago

Thanks for the info.  How would you expect the annotation value to work?

dave


justinwrobel commented 9 years ago

Hey David, Thanks for the reply! The @XSRF annotation would just signal an interceptor to check the nonce against the annotation's value. Kind of like how the RequestMapping is already processed in XSRFInterceptor.

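The check described in the comment above, sketched in plain Java as an added example (not code from this thread or from bb-spring-webapi): the `@XSRF` annotation's value selects which session-stored nonce the submitted one is compared against. The annotation definition, the session map and the method names are assumptions for illustration, and reflection stands in for Spring's handler lookup.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

public class XsrfAnnotationDemo {
    // Hypothetical annotation, shaped like the one proposed in the thread.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface XSRF { String value(); }

    static class PetShopController {
        @XSRF("buying-a-pet")
        public String submit() { return "purchased"; }
    }

    // Constructed stand-in for per-session storage: nonce id -> issued nonce.
    static final Map<String, String> SESSION = new HashMap<>();
    static final SecureRandom RNG = new SecureRandom();

    // Called when the form is rendered; the id matches the annotation value.
    static String issueNonce(String id) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String nonce = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        SESSION.put(id, nonce);
        return nonce;
    }

    // The check an interceptor would run before invoking the handler method.
    static boolean allow(Method handler, String submitted) {
        XSRF xsrf = handler.getAnnotation(XSRF.class);
        if (xsrf == null || submitted == null) return false; // sketch fails closed
        String expected = SESSION.remove(xsrf.value());      // nonce is single use
        return expected != null && MessageDigest.isEqual(    // constant-time compare
                expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        Method submit = PetShopController.class.getMethod("submit");
        String good = issueNonce("buying-a-pet");
        String other = issueNonce("selling-a-pet"); // issued for a different action
        System.out.println("valid nonce:  " + allow(submit, good));
        System.out.println("replayed:     " + allow(submit, good));
        issueNonce("buying-a-pet");
        System.out.println("wrong action: " + allow(submit, other));
    }
}
```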

davidashman commented 9 years ago

Ah - ok.  Let me take a look.

dave
