Hi,
On Tue, May 28, 2013 at 10:32 AM, Magnus K Karlsson < magnus.r.karls...@gmail.com> wrote: > Hi, > > I'm looking for protection against CSRF and found and old issue for Apache > Wicket 1.3.4. > > https://issues.apache.org/jira/browse/WICKET-1782 > > And as far as have understood the Apache Wicket does not support > Synchronizer Token Pattern, as suggested at > > > https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet > > but did in Apache Wicket 1.3 supported CryptedUrlWebRequestCodingStrategy, > So now my question. > > - Does Apache Wicket 6 support CryptedUrlWebRequestCodingStrategy? Cannot > find the CryptedUrlWebRequestCodingStrategy class? If the class have been > renamed, please submit an example how to use this new class. > IRequestCodingStrategy has been reworked to IRequestMapper in Wicket 1.5.0. The class you need is CryptoMapper. Please have a look at https://cwiki.apache.org/confluence/display/WICKET/Request+mapping#Requestmapping-CryptoMapper > > - Does Apache Wicket 6 support any other solution to hinder CSRF? > > > > > -- > Med vänliga hälsningar > Magnus K Karlsson > > Mobile: +46 (0)70 218 00 84 > Email: magnus.r.karls...@gmail.com > Blog: magnus-k-karlsson.blogspot.com >
