Dear Colleagues,

   I have a service which does CSRF protection for the POST and PUT methods.
When I do a GET, I should first fetch the XSRF token by passing the fetch
header; with that I get the client cookies, and the same cookies should be sent.

I get the XSRF as well as the cookies, but somehow the token is giving "CSRF
Validation failed". It looks like an issue with cookie handling.

A snippet of my code is below:

  private CookieStore getCookieStore() {
    HttpServletRequest req = getHttpServletRequest();
    Object cs = req.getSession().getAttribute("mmmmm");
    if (cs == null) {
      cs = new BasicCookieStore();
      req.getSession().setAttribute("mmmm", cs);
    }
    return (CookieStore) cs;
  }

  private HttpServletRequest getHttpServletRequest() {
    return (HttpServletRequest) getContext().
        getParameter(context.HTTP_SERVLET_REQUEST_OBJECT);
  }

  private void putCookieStore(CookieStore cs) {
    getHttpServletRequest().getSession().setAttribute("mmm", cs);
  }

Initialization of the HTTP client:

  DefaultHttpClient rsClient = new DefaultHttpClient();
  setTrustAll(rsClient);
  rsClient.setCookieStore(cs);

What can be the issue? Can someone please help?

Thanks,
Aparna
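
Added example, not part of the original message and not the poster's code: a JDK-only (Java 11+) sketch of the fetch-then-POST flow described above, showing that a token bound to a session cookie is accepted only when the POST goes out through the same cookie store that received the cookie. It uses java.net.http with CookieManager instead of Apache HttpClient's BasicCookieStore; the header name X-CSRF-Token with value Fetch, the cookie name SID and the path /svc are assumptions, and the service is a constructed local stand-in.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.*;
import java.net.http.*;
import java.util.*;

public class CsrfCookieDemo {
    // Constructed stand-in service: the token it issues is valid only for the session cookie sent with it.
    // Assumed names (not from the post): X-CSRF-Token / Fetch, SID, /svc.
    static final Map<String, String> tokenBySession = new HashMap<>();

    public static void main(String[] args) throws Exception {
        HttpServer srv = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        srv.createContext("/svc", ex -> {
            String cookie = ex.getRequestHeaders().getFirst("Cookie");
            String sid = cookie == null ? null : cookie.replace("SID=", "");
            int status = 200;
            if ("GET".equals(ex.getRequestMethod())) {   // token fetch: new session + token
                sid = UUID.randomUUID().toString();
                tokenBySession.put(sid, UUID.randomUUID().toString());
                ex.getResponseHeaders().add("Set-Cookie", "SID=" + sid + "; Path=/");
                ex.getResponseHeaders().add("X-CSRF-Token", tokenBySession.get(sid));
            } else {                                     // POST/PUT: token must match the session
                String sent = ex.getRequestHeaders().getFirst("X-CSRF-Token");
                if (sent == null || !sent.equals(tokenBySession.get(sid))) status = 403;
            }
            ex.sendResponseHeaders(status, -1);
            ex.close();
        });
        srv.start();
        URI uri = URI.create("http://127.0.0.1:" + srv.getAddress().getPort() + "/svc");

        HttpClient shared = newClient();               // one cookie store for fetch and POST
        String token = fetchToken(shared, uri);
        System.out.println("same cookie store:  HTTP " + post(shared, uri, token));
        System.out.println("fresh cookie store: HTTP " + post(newClient(), uri, token));
        srv.stop(0);
    }
    static HttpClient newClient() {
        return HttpClient.newBuilder().version(HttpClient.Version.HTTP_1_1)
                .cookieHandler(new CookieManager()).build();
    }
    static String fetchToken(HttpClient c, URI uri) throws Exception {
        HttpRequest get = HttpRequest.newBuilder(uri).header("X-CSRF-Token", "Fetch").GET().build();
        return c.send(get, HttpResponse.BodyHandlers.discarding())
                .headers().firstValue("X-CSRF-Token").orElseThrow();
    }
    static int post(HttpClient c, URI uri, String token) throws Exception {
        HttpRequest post = HttpRequest.newBuilder(uri).header("X-CSRF-Token", token)
                .POST(HttpRequest.BodyPublishers.ofString("{}")).build();
        return c.send(post, HttpResponse.BodyHandlers.discarding()).statusCode();
    }
}
```

In the snippet in the message, getAttribute and setAttribute are called with three different keys ("mmmmm", "mmmm", "mmm"); unless that is only redaction, getCookieStore() would create a new BasicCookieStore on every call, which is the second case in this example.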
