Closed pizzi80 closed 1 month ago
in general RestoreViewPhase should be skipped on a GET request, right?
The spec doesn't restrict it to a particular HTTP request method: https://jakarta.ee/specifications/platform/10/apidocs/jakarta/faces/render/responsestatemanager#isPostback(jakarta.faces.context.FacesContext)
I think this was a smart move of the initial spec authors and that the observed ViewExpiredException
s on GET or whatever other request method needs to be dealt with separately. We can at most fix the StringIndexOutOfBoundsException
in Mojarra's state manager as this is indeed considerable as a bug.
Describe the bug
The
jakarta.faces.ViewState
value is evaluated from GET parametersis it a spec requirement?
can we make some check to avoid exceptions and
ViewExpiredException
?To Reproduce
Exception https://showcase.omnifaces.org/?jakarta.faces.ViewState=1 https://showcase.omnifaces.org/?jakarta.faces.ViewState=-1 https://showcase.omnifaces.org/?jakarta.faces.ViewState=1234
ViewExpired https://showcase.omnifaces.org/?jakarta.faces.ViewState= https://showcase.omnifaces.org/?jakarta.faces.ViewState=1234:
Expected behavior
Do not process jakarta.faces.ViewState as GET parameter, Or avoid exceptions ...