author | Artur Signell <artur.signell@itmill.com> | 2009-06-29 14:51:26 +0000 |
---|---|---|
committer | Artur Signell <artur.signell@itmill.com> | 2009-06-29 14:51:26 +0000 |
commit | cec150b8fa13a55879d3f7f7669406155d714869 (patch) | |
tree | ec811d667c7f02fc39bc9ee58ea7d008ebea1493 /src | |
parent | 94b13d6ddaf92d0abd9c8a7883adca95d9192fd5 (diff) | |
Fix for #3060 - Warn if cross site scripting prevention is turned off
svn changeset:8269/svn branch:6.0
Diffstat (limited to 'src')
-rw-r--r-- | src/com/vaadin/terminal/gwt/server/CommunicationManager.java | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/com/vaadin/terminal/gwt/server/CommunicationManager.java b/src/com/vaadin/terminal/gwt/server/CommunicationManager.java
index dc83e26e9b..0431785f68 100644
--- a/src/com/vaadin/terminal/gwt/server/CommunicationManager.java
+++ b/src/com/vaadin/terminal/gwt/server/CommunicationManager.java
@@ -619,8 +619,9 @@ public class CommunicationManager implements Paintable.RepaintRequestListener,
 // Security: double cookie submission pattern unless disabled by
 // property
- if (!"true".equals(application2
- .getProperty("disable-xsrf-protection"))) {
+ if (!"true"
+ .equals(application2
+ .getProperty(AbstractApplicationServlet.SERVLET_PARAMETER_DISABLE_XSRF_PROTECTION))) {
 if (bursts.length == 1 && "init".equals(bursts[0])) {
 // initial request, no variable changes: send key
 String seckey = (String) request.getSession().getAttribute( |
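Review bot: The rewritten guard is split over three lines with the negation far from the property name, which makes a security-relevant condition hard to read; I would name it first, `boolean xsrfProtectionDisabled = "true".equals(application2.getProperty(AbstractApplicationServlet.SERVLET_PARAMETER_DISABLE_XSRF_PROTECTION));`, and then test `if (!xsrfProtectionDisabled) {`. The comment above the guard could also say that only the exact, case-sensitive value `true` turns the key check off, and that what is being disabled is request-forgery (XSRF) protection, which the commit title words as cross site scripting. The warning the title refers to is not in this hunk, so it presumably lives in the servlet; it should apply the same exact-match test so that the warning and the enforcement here cannot disagree. The enclosing method starts and ends outside the hunk.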