author | Bogdan Udrescu <bogdan@vaadin.com> | 2014-07-09 18:40:26 +0300 |
---|---|---|
committer | Leif Åstrand <leif@vaadin.com> | 2014-07-15 08:50:38 +0000 |
commit | df13b061f2f6ba10beae64d9b358c0365736370e (patch) | |
tree | 0a2800b1e383f3f7fb648ea5ec9ec9512e54906d /shared | |
parent | 9696e6c3e7e952b66ac3f5c9ddc3dfca4233451e (diff) | |
download | vaadin-framework-df13b061f2f6ba10beae64d9b358c0365736370e.tar.gz vaadin-framework-df13b061f2f6ba10beae64d9b358c0365736370e.zip |
Remove csrfToken if disable-xsrf-protection is true (#14111)
If the server sends no token and the client value remains "init" then
it's not sent back to the server.
Change-Id: I74fc470c5c22d57c4a48eab3e4476ae4cc2dd242
Diffstat (limited to 'shared')
-rw-r--r-- | shared/src/com/vaadin/shared/ApplicationConstants.java | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/shared/src/com/vaadin/shared/ApplicationConstants.java b/shared/src/com/vaadin/shared/ApplicationConstants.java
index da4ac7450d..15eefe3b21 100644
--- a/shared/src/com/vaadin/shared/ApplicationConstants.java
+++ b/shared/src/com/vaadin/shared/ApplicationConstants.java
@@ -1,12 +1,12 @@
 /*
 * Copyright 2000-2014 Vaadin Ltd.
- *
+ *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
@@ -86,7 +86,7 @@ public class ApplicationConstants implements Serializable {
 /**
 * The name of the debug version of the javascript containing push support.
 * The file is located in the VAADIN directory.
- *
+ *
 * @since 7.1.6
 */
 public static final String VAADIN_PUSH_DEBUG_JS = "vaadinPush.debug.js";
@@ -98,14 +98,14 @@ public class ApplicationConstants implements Serializable {
 
 /**
 * The name of the parameter used to transmit RPC invocations
- *
+ *
 * @since 7.2
 */
 public static final String RPC_INVOCATIONS = "rpc";
 
 /**
 * The name of the parameter used to transmit the CSRF token
- *
+ *
 * @since 7.2
 */
 public static final String CSRF_TOKEN = "csrfToken";
@@ -114,9 +114,15 @@ public class ApplicationConstants implements Serializable {
 * The name of the parameter used to transmit the sync id. The value can be
 * set to -1 e.g. when testing with pre-recorded requests to make the
 * framework ignore the sync id.
- *
+ *
 * @see com.vaadin.ui.ConnectorTracker#getCurrentSyncId()
 * @since 7.2
 */
 public static final String SERVER_SYNC_ID = "syncId";
+
+ /**
+ * Default value to use in case the security protection is disabled.
+ */
+ public static final String CSRF_TOKEN_DEFAULT_VALUE = "init";
+
 }
|
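Review bot: The Javadoc on `CSRF_TOKEN_DEFAULT_VALUE` does not say that `"init"` is a placeholder rather than a real token, and it lacks the `@since` tag that the neighbouring constants in this diff carry. Going by the commit message, the client keeps this value when the server sends no token and then leaves the `csrfToken` parameter out of its requests; the comment should say so, for example `Placeholder the client holds until the server supplies a CSRF token; it is never sent to the server and is never a valid token.` The server-side validation is not part of this diff, so it is worth confirming there that a request carrying the literal `"init"` is rejected whenever XSRF protection is enabled, so the sentinel can never compare equal to an accepted token.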