authorLeif Åstrand <leif@vaadin.com>2013-04-25 12:45:45 +0300
committerVaadin Code Review <review@vaadin.com>2013-04-25 12:15:48 +0000
commita46c97bd7936ea8793618bb54ce19ac32c61f71d (patch)
treed66c1be61070be9620f8107011bd8a372a9e7a72 /shared
parent220b1150ca411a63009d7f30e0400dc062f10c27 (diff)
Verify CSRF token before accepting new CSRF connection (#11635)
* Can't open push connection during client-side init because CSRF token is not available at that point. This allows simplifying the initialization because the push state will not be checked until the first response has been processed.
* Add helper for checking the CSRF token

Change-Id: I31da1ac669dc9a581cbd66f58c07f10ea4b8b676
Diffstat (limited to 'shared')
-rw-r--r--shared/src/com/vaadin/shared/ApplicationConstants.java5
1 files changed, 5 insertions, 0 deletions
diff --git a/shared/src/com/vaadin/shared/ApplicationConstants.java b/shared/src/com/vaadin/shared/ApplicationConstants.java
index 6b0c8e7244..04cba79c0c 100644
--- a/shared/src/com/vaadin/shared/ApplicationConstants.java
+++ b/shared/src/com/vaadin/shared/ApplicationConstants.java
@@ -78,4 +78,9 @@ public class ApplicationConstants implements Serializable {
* in the VAADIN directory.
*/
public static final String VAADIN_PUSH_JS = "vaadinPush.js";
+
+ /**
+ * Name of the parameter used to transmit the CSRF token.
+ */
+ public static final String CSRF_TOKEN_PARAMETER = "v-csrfToken";
}
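Review bot: The Javadoc on `CSRF_TOKEN_PARAMETER` does not say which request carries the parameter or that its value is a secret. Going by the commit description it is presumably sent when the push connection is opened; if it travels in the URL query string, the token can end up in access and proxy logs, which is worth stating where the name is defined. I would extend the comment to something like `Name of the request parameter used to transmit the CSRF token when opening a push connection. The value is a secret: do not log it or echo it in error output.` The server-side check that reads this parameter is not part of this diff (the diffstat is limited to 'shared'), and the class body starts outside the hunk.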