Messages posted by: johnsky  XML
Profile for johnsky -> Messages posted by johnsky [3]
Author Message
Thanks, didn't know that! Good to hear ...

How can I review this functionality? Is there some documentation about it?

I saw this post:
but it points to a whitepaper which doesnt say anything about csrf

Thanks in advance
I am trying out csrf guard which is a security framework protecting jsf apps against csrf attacks.
My current app is using icefaces 1.8.3 with seam on a JBoss 7.
So far the first integration steps are quite successful.

CSRF Guard injects hidden input parameters based on a JS-Script on each new page.
In the case of select-menus and partial submits it is ocurring the following problem:
first request sends the csrf-token correctly. But after partially refreshing the page it looses the token, because csrf guard does not detect it as a fully form submit. So it is not re-injecting the token.

My question:
is there an attribute which I can add to my csrf-token which tells icefaces NOT to eliminate this token?

Thanks in advance

In my environment I use a template.xhtml to include in all my pages. The problem is that this is coming with a lot of javascript-libraries and I wonder how to avoid the repeated download of this files (each browser-interaction (sic!)). In the firebug-view of 'network' you can see the status of all pix and libs. If the code is 200: it was downloaded, if it is 304: not downloaded!
But all the files always have the code 200. (http://getfirebug.com/wiki/index.php/Net_Panel)

I tried some meta-tags, but they also didn't work:
<meta http-equiv="CACHE-CONTROL" content="PUBLIC"/>
<meta http-equiv="PRAGMA" content="PUBLIC"/>
<meta http-equiv="expires" content="Tuesday, 1-Sep-15 14:25:27 UTC"/>

iceface 1.8
Seam 2.2
JBoss 5.1

Any help is appreciated!

Thanks in advance

Best Regards,
Profile for johnsky -> Messages posted by johnsky [3]
Go to:   
Powered by JForum 2.1.7ice © JForum Team