From a46c97bd7936ea8793618bb54ce19ac32c61f71d Mon Sep 17 00:00:00 2001
From: Leif Åstrand <leif@vaadin.com>
Date: Thu, 25 Apr 2013 12:45:45 +0300
Subject: Verify CSRF token before accepting new CSRF connection (#11635)

* Can't open push connection during client-side init because CSRF token
is not available at that point. This allows simplifying the
initialization because the push state will not be checked until the
first response has been processed.
* Add helper for checking the CSRF token

Change-Id: I31da1ac669dc9a581cbd66f58c07f10ea4b8b676
---
 shared/src/com/vaadin/shared/ApplicationConstants.java | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'shared')

diff --git a/shared/src/com/vaadin/shared/ApplicationConstants.java b/shared/src/com/vaadin/shared/ApplicationConstants.java
index 6b0c8e7244..04cba79c0c 100644
--- a/shared/src/com/vaadin/shared/ApplicationConstants.java
+++ b/shared/src/com/vaadin/shared/ApplicationConstants.java
@@ -78,4 +78,9 @@ public class ApplicationConstants implements Serializable {
      * in the VAADIN directory.
      */
     public static final String VAADIN_PUSH_JS = "vaadinPush.js";
+
+    /**
+     * Name of the parameter used to transmit the CSRF token.
+     */
+    public static final String CSRF_TOKEN_PARAMETER = "v-csrfToken";
 }
-- 
cgit v1.2.3