Thanks Andreas, I'll give that a shot.
On Mon, Mar 22, 2010 at 8:54 PM, Andreas Andreou <andy...@di.uoa.gr> wrote: > Assuming you just want to protect form submits and that you want to > implement the cookie + hidden > field solution it's possible to do this: > > 1) Create a CSRFValidator that implements > org.apache.tapestry.form.validator.Validator (or extends > BaseValidator) > and that uses the renderContribution method to add the cookie to the > response and checks (in the validate method) > that it matches the hidden value > 2) Add a Hidden component to each form you want to protect & set it to > use CSRFValidator - unfortunately, the included > hidden component doesn't accept the validators parameter (like > TextField does), so, you'll have to create your own version > of it. > > On Tue, Mar 23, 2010 at 01:49, Matthew Cordes <cordes.matt...@gmail.com> > wrote: > > Hi all, > > > > I'm looking for a little information about CSRF for Tapestry 4. I found > this > > page which explains how to add CSRF preventative code to tapestry 5 ( > > http://wiki.apache.org/tapestry/Tapestry5CSRF). Can anyone recommend a > > similar solution for Tapestry4? > > > > If you're familiar with a document that explains how to do it, I'd love > to > > see it. Failing that, any pointers to places in the code I would need to > > extend to do it myself would be greatly appreciated. > > > > -Matt > > > > > > -- > Andreas Andreou - andy...@apache.org - http://blog.andyhot.gr > Tapestry / Tacos developer > Open Source / JEE Consulting > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > >
