I'm trying to implement a SecureForm (extends Form) which dynamically adds a
hidden field to prevent CSRF attacks as described here:
http://apache-wicket.1842946.n4.nabble.com/Security-Features-offered-by-Wicket-td1861659.html
My problem is that my form contains a panel with tabs, each tab refreshes
the Form class through ajax but the HTML stays the same.
The result is that when I try to enter the first tab, click on the second
tab and try to post it, I'm getting invalid tokens, since the second tab's HTML
has the first token but its Form class has already instantiated a new CSRF
token.
Does anyone have an idea how I can replace the injected HTML from the
onComponentTagBody?
I'd like to try and use this approach (token field in the SecureForm class)
instead of just putting the token inside the session.
Thanks