[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension

Sat, 05 Nov 2016 10:14:17 -0700 

    [ 
https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15640093#comment-15640093
 ] 

ASF GitHub Bot commented on WICKET-6245:
----------------------------------------

GitHub user amichalowski opened a pull request:

    https://github.com/apache/wicket/pull/187

    Add origin header to ajax requests in BaseWicketTester

    In commits assigned to this issue:
    
[https://issues.apache.org/jira/browse/WICKET-6245](https://issues.apache.org/jira/browse/WICKET-6245)
    
    There are following changes in `CsrfPreventionRequestCycleListener`:
    - If origin header doesn't exist referer header can be used.
    - Default no origin behavior was changed to abort.
    
    But the wicket tester doesn't send Origin or Referer header.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/amichalowski/wicket 
wicket-tester-origin-header

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/wicket/pull/187.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #187
    
----
commit 893579c88c98b8dfbc6612ff7c2e1b3ac024e6f6
Author: Artur MichaƂowski <[email protected]>
Date:   2016-11-05T16:59:56Z

    Add origin header to ajax requests in BaseWicketTester

----


> Open up CsrfPreventionRequestCycleListener for extension
> --------------------------------------------------------
>
>                 Key: WICKET-6245
>                 URL: https://issues.apache.org/jira/browse/WICKET-6245
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 6.20.0, 7.0.0, 6.21.0, 7.1.0, 7.2.0, 7.3.0, 8.0.0-M1, 
> 6.22.0, 6.23.0, 7.4.0, 6.24.0
>            Reporter: Martijn Dashorst
>            Assignee: Martijn Dashorst
>            Priority: Minor
>             Fix For: 8.0.0-M2, 6.25.0, 7.5.0
>
>
> The design of the CsrfPreventionRequestCycleListener is such that it is open 
> for extension, but fails to provide the right hooks for implementors. We 
> should allow private methods to be called from event handlers, and allow 
> overriding of  several checkpoints in the API.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to