Hi,
answering to self, in case it is helpful for others, there are several
"new Request().." invocations on the *js filesthat perform the calls.
As a bonus, all <meta/> fields whose name begins with "wiki" is
automatically loaded into the Wiki object so you can do things like:
[...]
data: { page: Wiki.PageName, wikimarkup: "[{Groups}]()",
'X-XSRF-TOKEN': wiki.CsrfProtection },
best regards,
juan pablo
On Fri, Jul 1, 2022 at 5:13 PM Juan Pablo Santos Rodríguez
<juanpablo.san...@gmail.com> wrote:
>
> Hi,
>
> I'm writing a csrf prevention filter for post requests on JSPWiki. So far
> everything is going fine looking for posts requests via ajax: preview is
> started by an AJAX POST call to AJAXPreview.jsp, but I can't find where the
> call is started. The only place that seems to be calling is jspwiki-edit.js
> file, but that's a get.
>
> Something similar happens with calls to AJAXSearch.jsp. There's also a couple
> of ajax[json|html] functions at jspwiki-common.js but I don't see where/when
> are they called.
>
> I'll keep looking, but any pointers in the meantime would be most welcomed :-)
>
>
> Cheers,
> juan pablo
>
>
