Posted to commits@wicket.apache.org by mg...@apache.org on 2017/05/31 20:37:16 UTC

wicket git commit: WICKET-6389 Introduce CsrfPreventionRequestCycleListener that is aware of Web Socket requests

Repository: wicket
Updated Branches:
  refs/heads/master cbac40459 -> a51d0816b


WICKET-6389 Introduce CsrfPreventionRequestCycleListener that is aware of Web Socket requests


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/a51d0816
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/a51d0816
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/a51d0816

Branch: refs/heads/master
Commit: a51d0816b036649cf49eec2a23720cd6354dab25
Parents: cbac404
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
Authored: Wed May 31 22:36:57 2017 +0200
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Wed May 31 22:36:57 2017 +0200

----------------------------------------------------------------------
 ...AwareCsrfPreventionRequestCycleListener.java | 42 ++++++++++++++++++++
 1 file changed, 42 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/a51d0816/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/WebSocketAwareCsrfPreventionRequestCycleListener.java
----------------------------------------------------------------------
diff --git a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/WebSocketAwareCsrfPreventionRequestCycleListener.java b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/WebSocketAwareCsrfPreventionRequestCycleListener.java
new file mode 100644
index 0000000..afbd49e
--- /dev/null
+++ b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/WebSocketAwareCsrfPreventionRequestCycleListener.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.protocol.ws;
+
+import org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener;
+import org.apache.wicket.protocol.ws.api.WebSocketMessageBroadcastHandler;
+import org.apache.wicket.protocol.ws.api.WebSocketRequestHandler;
+import org.apache.wicket.request.IRequestHandler;
+
+/**
+ * A specialization of {@link CsrfPreventionRequestCycleListener} that should be used when
+ * the application uses Web Sockets.
+ *
+ * <p>The HTTP upgrade request brings <em>Origin</em> in its headers, but any Web socket frame doesn't
+ * bring it so {@link WebSocketRequestHandler} and {@link WebSocketMessageBroadcastHandler}
+ * should be ignored.</p>
+ */
+public class WebSocketAwareCsrfPreventionRequestCycleListener extends CsrfPreventionRequestCycleListener
+{
+	@Override
+	protected boolean isChecked(IRequestHandler handler)
+	{
+		if (handler instanceof WebSocketRequestHandler || handler instanceof WebSocketMessageBroadcastHandler) {
+			return false;
+		}
+		return super.isChecked(handler);
+	}
+}
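Review bot: The early `return false` in `isChecked` exempts every `WebSocketRequestHandler` and `WebSocketMessageBroadcastHandler` from the Origin check, and nothing in this file shows the Origin of the upgrade handshake being validated before the connection is accepted. If that validation does not happen elsewhere (it may, outside this diff), a page on another origin could open a socket that carries the user's session cookie, and its messages would then be processed with no origin check at all. The class Javadoc should state the assumption, for example `<p>Skipping the check is only safe when the Origin of the upgrade handshake has been validated before the connection is accepted.</p>`. As a style point, the `if` puts its brace on the same line while the class and method use next-line braces.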