Double cookie submit pattern impl; fixes #2198

svn changeset:5855/svn branch:trunk
author: Marc Englund <marc.englund@itmill.com> 2008-11-10 14:58:17 +0000
committer: Marc Englund <marc.englund@itmill.com> 2008-11-10 14:58:17 +0000
commit: 1818fc8521fb2d08daa3044f7beee090d92e8ba2 (patch)
tree: da29857d54ddb2fb34a10038a516d9913961f276 /src/com/itmill/toolkit/terminal/gwt/client/ApplicationConnection.java
parent: 2e400de2e002e70012fa5ac628dff74b131c9c0b (diff)
download: vaadin-framework-1818fc8521fb2d08daa3044f7beee090d92e8ba2.tar.gz
vaadin-framework-1818fc8521fb2d08daa3044f7beee090d92e8ba2.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/src/com/itmill/toolkit/terminal/gwt/client/ApplicationConnection.java b/src/com/itmill/toolkit/terminal/gwt/client/ApplicationConnection.java
index 827c6353de..b09a9bc08c 100755
--- a/src/com/itmill/toolkit/terminal/gwt/client/ApplicationConnection.java
+++ b/src/com/itmill/toolkit/terminal/gwt/client/ApplicationConnection.java
@@ -25,6 +25,7 @@ import com.google.gwt.json.client.JSONParser;
 import com.google.gwt.json.client.JSONString;
 import com.google.gwt.json.client.JSONValue;
 import com.google.gwt.user.client.Command;
+import com.google.gwt.user.client.Cookies;
 import com.google.gwt.user.client.DOM;
 import com.google.gwt.user.client.DeferredCommand;
 import com.google.gwt.user.client.Element;
@@ -60,6 +61,8 @@ public class ApplicationConnection {
 
     public static final String VAR_BURST_SEPARATOR = "\u001d";
 
+    public static final String UIDL_SECURITY_COOKIE_NAME = "com.itmill.toolkit.seckey";
+
     private final HashMap resourcesMap = new HashMap();
 
     private static Console console;
@@ -276,6 +279,10 @@ public class ApplicationConnection {
             boolean forceSync) {
         startRequest();
 
+        // cookie double submission pattern
+        requestData = Cookies.getCookie(UIDL_SECURITY_COOKIE_NAME)
+                + VAR_BURST_SEPARATOR + requestData;
+
         console.log("Making UIDL Request with params: " + requestData);
         String uri = getAppUri() + "UIDL" + configuration.getPathInfo();
         if (repaintAll) {
@@ -637,7 +644,7 @@ public class ApplicationConnection {
                 }
 
                 if (html.length() != 0) {
-                    INotification n = new INotification(1000 * 60 * 45); // 45min
+                    INotification n = new INotification(1000 * 60 * 45); //45min
                     n.addEventListener(new NotificationRedirect(url));
                     n.show(html, INotification.CENTERED_TOP,
                             INotification.STYLE_SYSTEM);
author	Marc Englund <marc.englund@itmill.com>	2008-11-10 14:58:17 +0000
committer	Marc Englund <marc.englund@itmill.com>	2008-11-10 14:58:17 +0000
commit	1818fc8521fb2d08daa3044f7beee090d92e8ba2 (patch)
tree	da29857d54ddb2fb34a10038a516d9913961f276 /src/com/itmill/toolkit/terminal/gwt/client/ApplicationConnection.java
parent	2e400de2e002e70012fa5ac628dff74b131c9c0b (diff)
download	vaadin-framework-1818fc8521fb2d08daa3044f7beee090d92e8ba2.tar.gz vaadin-framework-1818fc8521fb2d08daa3044f7beee090d92e8ba2.zip