You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/11/05 17:13:59 UTC

[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension

    [ https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15640093#comment-15640093 ] 

ASF GitHub Bot commented on WICKET-6245:
----------------------------------------

GitHub user amichalowski opened a pull request:

    https://github.com/apache/wicket/pull/187

    Add origin header to ajax requests in BaseWicketTester

    In commits assigned to this issue:
    [https://issues.apache.org/jira/browse/WICKET-6245](https://issues.apache.org/jira/browse/WICKET-6245)
    
    There are following changes in `CsrfPreventionRequestCycleListener`:
    - If origin header doesn't exist referer header can be used.
    - Default no origin behavior was changed to abort.
    
    But the wicket tester doesn't send Origin or Referer header.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/amichalowski/wicket wicket-tester-origin-header

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/wicket/pull/187.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #187
    
----
commit 893579c88c98b8dfbc6612ff7c2e1b3ac024e6f6
Author: Artur MichaƂowski <am...@gmail.com>
Date:   2016-11-05T16:59:56Z

    Add origin header to ajax requests in BaseWicketTester

----


> Open up CsrfPreventionRequestCycleListener for extension
> --------------------------------------------------------
>
>                 Key: WICKET-6245
>                 URL: https://issues.apache.org/jira/browse/WICKET-6245
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 6.20.0, 7.0.0, 6.21.0, 7.1.0, 7.2.0, 7.3.0, 8.0.0-M1, 6.22.0, 6.23.0, 7.4.0, 6.24.0
>            Reporter: Martijn Dashorst
>            Assignee: Martijn Dashorst
>            Priority: Minor
>             Fix For: 8.0.0-M2, 6.25.0, 7.5.0
>
>
> The design of the CsrfPreventionRequestCycleListener is such that it is open for extension, but fails to provide the right hooks for implementors. We should allow private methods to be called from event handlers, and allow overriding of  several checkpoints in the API.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)