Thanks Martin,

how can I tell for example if the IPageClassRequestHandler or
ListenerInterfaceRequestHandler is for a form?

On Wed, Sep 6, 2017 at 12:39 PM, Martin Grigorov <mgrigo...@apache.org>
wrote:

> Hi,
>
> I don't use any of these so I have no much experience in production with
> them!
>
> On Wed, Sep 6, 2017 at 12:07 PM, Wayne W <waynemailingli...@gmail.com>
> wrote:
>
> > Hi,
> >
> > I've been trying to use CsrfPreventionRequestCycleListener in
> production.
> > However we are seeing in the logs that about 30 times a day we get the
> > request aborted because the clients browsers are not sending the referrer
> > header sometimes. Doing some research it seems we cannot rely on the
> > clients browser to send the referrer and it could be somewhat buggy in
> > older browsers.
> >
> > Does anyone else experience this trouble?
> >
> > Are there any alternatives?
> >
> > I did try:
> >
> > getSecuritySettings().setCryptFactory(new KeyInSessionSunJceCryptFactory
> > ());
> >
> > setRootRequestMapper(new CryptoMapper(getRootRequestMapperAsCompound(),
> > this));
> >
> > However this encrypts everything (resources, urls, etc). Is there a way
> of
> > just encrypting say forms and links or something?
> >
>
> You can override CryptoMapper#mapHandler() and call super.mapHandler() only
> when the IRequestHandler is not an instance of IPageClassRequestHandler or
> only when it is ListenerInterfaceRequestHandler.
>
>
> >
> > Anyone got a solution that works for them in production?
> >
> > many thanks
> >
>

Reply via email to