Open justinwrobel opened 9 years ago
Thanks for the info. How would you expect the annotation value to work?
dave
On September 26, 2014 at 4:25:48 PM, Justin Wrobel (notifications@github.com) wrote:
This is in reference to bb-spring-webapi I'm not sure where exactly where to log this but I've been running into issues with the XSRFInterceptor so I generally end up turning it off with the NoXSRF annotation. I normally create controllers with RequestMapping value at the class level and RequestMapping methods at the controller level. The following snippet is an example:
@Controller @RequestMapping("Petshop") public class PetShopController { @XSRF("buying-a-pet")//proposed annotation @RequestMapping(method = RequestMethod.POST) public Map<String, String> submit(HttpServletRequest request) {...
Would you consider adding an XSRF annotation that accepts a value?
— Reply to this email directly or view it on GitHub.
Hey David, Thanks for the reply! The @XSRF annotation would just signal an interceptor to check the nonce against the annotation's value. Kind of like how the RequestMapping is already processed in XSRFInterceptor.
On Mon, Sep 29, 2014 at 9:53 AM, David Ashman notifications@github.com wrote:
Thanks for the info. How would you expect the annotation value to work?
dave
On September 26, 2014 at 4:25:48 PM, Justin Wrobel ( notifications@github.com) wrote:
This is in reference to bb-spring-webapi I'm not sure where exactly where to log this but I've been running into issues with the XSRFInterceptor so I generally end up turning it off with the NoXSRF annotation. I normally create controllers with RequestMapping value at the class level and RequestMapping methods at the controller level. The following snippet is an example:
@Controller @RequestMapping("Petshop") public class PetShopController { @XSRF("buying-a-pet")//proposed annotation @RequestMapping(method = RequestMethod.POST) public Map<String, String> submit(HttpServletRequest request) {...
Would you consider adding an XSRF annotation that accepts a value?
— Reply to this email directly or view it on GitHub.
— Reply to this email directly or view it on GitHub https://github.com/davidashman/bbworld2013-client/issues/1#issuecomment-57163476 .
Ah - ok. Let me take a look.
dave
On September 29, 2014 at 10:32:43 AM, Justin Wrobel (notifications@github.com) wrote:
Hey David, Thanks for the reply! The @XSRF annotation would just signal an interceptor to check the nonce against the annotation's value. Kind of like how the RequestMapping is already processed in XSRFInterceptor.
On Mon, Sep 29, 2014 at 9:53 AM, David Ashman notifications@github.com wrote:
Thanks for the info. How would you expect the annotation value to work?
dave
On September 26, 2014 at 4:25:48 PM, Justin Wrobel ( notifications@github.com) wrote:
This is in reference to bb-spring-webapi I'm not sure where exactly where to log this but I've been running into issues with the XSRFInterceptor so I generally end up turning it off with the NoXSRF annotation. I normally create controllers with RequestMapping value at the class level and RequestMapping methods at the controller level. The following snippet is an example:
@Controller @RequestMapping("Petshop") public class PetShopController { @XSRF("buying-a-pet")//proposed annotation @RequestMapping(method = RequestMethod.POST) public Map<String, String> submit(HttpServletRequest request) {...
Would you consider adding an XSRF annotation that accepts a value?
— Reply to this email directly or view it on GitHub.
— Reply to this email directly or view it on GitHub https://github.com/davidashman/bbworld2013-client/issues/1#issuecomment-57163476 .
— Reply to this email directly or view it on GitHub.
This is in reference to bb-spring-webapi I'm not sure where exactly where to log this but I've been running into issues with the XSRFInterceptor so I generally end up turning it off with the NoXSRF annotation. I normally create controllers with RequestMapping value at the class level and RequestMapping methods at the controller level. The following snippet is an example:
Would you consider adding an XSRF annotation that accepts a value?