> From: Mathew Samuel [mailto:mathew.sam...@entrust.com]
> Subject: Found org.apache.catalina.filters.CSRF_NONCE
> now I know that the org.apache.catalina.filters.CSRF_NONCE is not a String
> but something else.
Actually, Konstantin told you that several hours ago:
> > 1) ${session['org.apache.catalina.filters.CSRF_NONCE']}
> > 2) The value of the above is some object (a cache) not a String.
> > It cannot be used as a <c:param> value.
> > 3) c:url already takes care of the nonce,
> > because it calls HttpServletResponse.encodeURL(..)
Perhaps you should go back and read his complete response:
http://marc.info/?l=tomcat-user&m=130287556712594&w=2
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
