Search code examples
javagwtcsrf-protection

GWT & CSRF Guard - Is it possible to implement CSRF Guard on GWT code?

I have web application in which front end is written in GWT. Now I want to implement CSRF Guard on the same web application.

So I would like to know that is it possible to implement CSRF Guard on GWT code because when I tried implementing it CSRF guard's token is not getting injected on any request to server. I'm able to see the response from the server but token is not getting injected and CSRF guard is not working properly.

Could anyone help me on this?? Thanks.

Solution

  • I have posted the same question on groups.goole.com to get the answer. So I would like to post here discussed points.

    1. You probably could get CSRF Guard to work but it's easier to use GWT's built in protection
    2. If you are using GWTP then you should use GWTP's CSRF protection
    3. If you are using CSRF guard on GWT code then the only thing I can suggest is inject the csrf guard script before the *.nocache.js script.

    These point might help someone.

    Soucre Link