I just read this article on GWT RPC XSRF protection, however am planning on writing a GWT app that takes advantage of the newer RequestFactory framework.
However, I don't see any RequestFactory-equivalent for this article, so I ask: do I need to worry about the attack vectors and necessary protections/precautions outlined in the article above if I'm using RequestFactory, or am I "immune"? Does anybody know of the RequestFactory-equivalent for these items? Thanks in advance!
No, you're not immune.
And I'm not aware of any equivalent for RequestFactory. You'd basically implement a RequestTransport on the client side and a servlet filter on the server side; but you'd have to find some means of communicating the XsrfToken to the client (a dynamic host page comes to mind).
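One way to wire up the three pieces the answer lists (client-side RequestTransport, server-side servlet filter, token handed over by a dynamic host page), as an added example that is not code from the question, the answer or the GWT project itself. It assumes a header name `X-XSRF-Token`, a session attribute `xsrfToken`, a host page that writes the token into `window.xsrfToken`, and the hypothetical class names `XsrfRequestTransport` and `XsrfFilter`; the RequestFactory servlet and the filter are assumed to be mapped to the same URL pattern (e.g. `/gwtRequest`). The two classes below live in separate source files (client and server).

```java
// ---- client side: XsrfRequestTransport.java (GWT client source) ----
// Added example; assumes the dynamic host page set window.xsrfToken.
import com.google.gwt.http.client.RequestBuilder;
import com.google.web.bindery.requestfactory.gwt.client.DefaultRequestTransport;

public class XsrfRequestTransport extends DefaultRequestTransport {
  public static final String HEADER = "X-XSRF-Token"; // assumed header name

  private final String token;

  public XsrfRequestTransport(String token) {
    if (token == null || token.isEmpty()) {
      throw new IllegalArgumentException("XSRF token missing from host page");
    }
    this.token = token;
  }

  /** Reads the token the dynamic host page embedded as window.xsrfToken (assumed name). */
  public static native String tokenFromHostPage() /*-{
    return $wnd.xsrfToken || null;
  }-*/;

  /** DefaultRequestTransport's hook for customising the RequestBuilder: add the token header. */
  @Override
  protected void configureRequestBuilder(RequestBuilder builder) {
    super.configureRequestBuilder(builder);
    builder.setHeader(HEADER, token);
  }
}
// Wiring in the EntryPoint (factory is your GWT.create'd RequestFactory):
//   factory.initialize(eventBus,
//       new XsrfRequestTransport(XsrfRequestTransport.tokenFromHostPage()));

// ---- server side: XsrfFilter.java (servlet container) ----
// Added example; mapped to the same URL pattern as the RequestFactoryServlet.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class XsrfFilter implements Filter {
  public static final String HEADER = "X-XSRF-Token";  // must match the client
  public static final String SESSION_KEY = "xsrfToken"; // assumed attribute name
  private static final SecureRandom RNG = new SecureRandom();

  /** Called by the dynamic host page (JSP/servlet) to get or create the per-session token. */
  public static String tokenFor(HttpSession session) {
    synchronized (session) {
      String t = (String) session.getAttribute(SESSION_KEY);
      if (t == null) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        // base64url without padding: safe to embed in a JS string literal unescaped
        t = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.setAttribute(SESSION_KEY, t);
      }
      return t;
    }
  }

  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest http = (HttpServletRequest) req;
    HttpSession session = http.getSession(false);   // never create a session here
    String expected = session == null ? null : (String) session.getAttribute(SESSION_KEY);
    String presented = http.getHeader(HEADER);
    // A forged cross-site request carries the session cookie but cannot set this
    // custom header, so a missing or mismatched header is rejected before the
    // RequestFactoryServlet sees the payload.
    if (expected == null || presented == null || !constantTimeEquals(expected, presented)) {
      ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN, "XSRF token invalid");
      return;
    }
    chain.doFilter(req, res);
  }

  private static boolean constantTimeEquals(String a, String b) {
    return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                 b.getBytes(StandardCharsets.UTF_8));
  }

  @Override public void init(FilterConfig cfg) {}
  @Override public void destroy() {}
}
```

The dynamic host page (a JSP, for instance) is the hand-over point: it emits `<script>var xsrfToken = "<%= XsrfFilter.tokenFor(session) %>";</script>` before the GWT bootstrap script, so the token is available when `tokenFromHostPage()` runs. Two caveats worth keeping in mind: the comparison is done with `MessageDigest.isEqual` rather than `String.equals` so that a mismatch does not leak timing information, and the filter deliberately calls `getSession(false)` so that an unauthenticated request cannot mint a session (and a token) for itself.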