[EMAIL PROTECTED] (Ted Husted) wrote:
> If someone submitted a patch to bugzilla that allowed the generation of
> the token to be switched off on a form by form basis, I'm sure it would
> be considered.
If I did this, it seems like a good default might be to remove the
transaction token for GET
The autopopulation takes place before the ActionForm gets control, so
that's really not an option.
The request is passed to validate, and so you could put a token checker
there.
That does make a certain amount of sense, since it is after all a kind
of validation error.
But, returning people
[EMAIL PROTECTED] (Keith) wrote:
> Isn't it easy enough to test which form you came from to decide whether to call
> isTokenValid()?
Not a problem in this respect. The problem is the URL for a GET (see below).
> > However the URL is no longer very clean.
> I don't get what you mean.
It conta
[EMAIL PROTECTED] (Ted Husted) wrote:
> The usual workflow is to visit an Action before displaying the page.
> This gives you the opportunity to any number of things, including
> setting up the tokens.
There is no problem setting up the token for a response.
The problem is that as the request c
If you simply need to prevent resubmits, set a token as a session variable,
check its value on any submit, and change its value on the first submit.
Cheers!
Mark
--
Try before you cry:
http://www.mail-archive.com/struts-user%40jakarta.apache.org/
-Original Message-
From: [EMAIL PROTECTE
Hi Duncan,
Isn't it easy enough to test which form you came from to decide whether to call
isTokenValid()?
> However the URL is no longer very clean.
I don't get what you mean.
Keith.
--- Duncan Harris <[EMAIL PROTECTED]> wrote:
>
> The other thing that seems to be an annoyance is that the
> or
One solution would be to write the GET form youself, using bean:write to
populate the the HTML controls.
If someone submitted a patch to bugzilla that allowed the generation of
the token to be switched off on a form by form basis, I'm sure it would
be considered.
-- Ted Husted, Husted dot Com,
The usual workflow is to visit an Action before displaying the page.
This gives you the opportunity to any number of things, including
setting up the tokens.
-- Ted Husted, Husted dot Com, Fairport NY USA.
-- Java Web Development with Struts.
-- Tel +1 585 737-3463.
-- Web http://www.husted.com/
The other thing that seems to be an annoyance is that the
org.apache.struts.taglib.html.TOKEN parameter gets added for
all forms on the page if it is set. I don't want this to happen.
There appears to be no way to easily avoid this without overriding
and replicating the whole of the FormTag.doSta
9 matches
Mail list logo