Spring Single Page Application: CSRF token changing silently after login, logout etc -

-

as know, in spring+javascript single page application, need send csrf token client in way.

a recommended way have csrfheaderfilter described in spring guide. following approach, when application start, send request server, fetching token.

but see under events login or logout, spring security changes token. csrfheaderfilter comes beforehand, , can't detect change. hence, needing send request following such events.

i tried peeping @ spring security code find if there way send changed token along these login or logout requests, request saved. but, not find way.

liked know if sending dummy request after login, logout etc., doing, looks solution. or, maybe there better way?

if there no way avoid redundant request, wondering if becomes ticket spring security come after possible.


Comments

Post a Comment

Popular posts from this blog

yii2 - Yii 2 Running a Cron in the basic template -

-
i have seen instructions on running cron in advanced template, cant figure out how on basic template. have following controller in basic controllers folder. <?php namespace app\controllers; use yii\console\controller; /** * cron controller */ class croncontroller extends controller { public function actionindex() { echo "cron service runnning"; } public function actionmail($to) { echo "sending mail " . $to; } } i have navigated root of application , tried these comands yii cron php yii cron im getting unknown comand "cron" i know old question failed find actual answer this. if @ code yii exec file you'll notice requires /common/config/aliases.php file console/config/main.php. can naturally change these or copy on these advanced template. hope solves problem wanting same thing.
Read more

asp.net - 'System.Web.HttpContext' does not contain a definition for 'GetOwinContext' Mystery -

-
i realize question might seem trivial some, it's these types of things find myself fighting quite bit , want make sense of despite seeming losing battle in .net (for me anyway). so, if following: using system.web; ... applicationuser user = system.web.httpcontext.getowincontext().getusermanager<applicationusermanager>().findbyid(system.web.httpcontext.user.identity.getuserid()); that produces error in title , red getowincontext() , error cannot resolve symbol 'getowincontext()' however, if following (remove system.web in front of httpcontext ), works expected (or @ least no errors): using system.web; ... applicationuser user = httpcontext.getowincontext().getusermanager<applicationusermanager>().findbyid(system.web.httpcontext.user.identity.getuserid()); however, if (same line that's working using system.web commented out): //using system.web; ... applicationuser user = httpcontext.getowincontext().getusermana
Read more

php - How do you embed a video into a custom theme on WordPress? -

-
i'm using wordpress 4.2.3 , created custom theme use. when try embed youtube video (pasting http:// link content area), video shows in edit content area, when view site, shows text url instead. i tried sorts of things clear formatting, removing link, unchecking settings in writing area, etc. temporarily switched default wp theme , video shows up, i'm missing in template code, , can't figure out what. here code used outputting content in template. index.php <div class="video"> <?php $post_id = 26; $queried_post = get_post($post_id); echo $queried_post->post_content; ?> </div> thanks - appreciate it!
Read more