Package org.apache.wicket.protocol.ws
Class WebSocketAwareCsrfPreventionRequestCycleListener
- java.lang.Object
-
- org.apache.wicket.protocol.http.OriginResourceIsolationPolicy
-
- org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
-
- org.apache.wicket.protocol.ws.WebSocketAwareCsrfPreventionRequestCycleListener
-
- All Implemented Interfaces:
IResourceIsolationPolicy
,IRequestCycleListener
@Deprecated(since="9.3.0") public class WebSocketAwareCsrfPreventionRequestCycleListener extends CsrfPreventionRequestCycleListener
Deprecated.A specialization ofCsrfPreventionRequestCycleListener
that should be used when the application uses Web Sockets.The HTTP upgrade request brings Origin in its headers, but any Web socket frame doesn't bring it so
WebSocketRequestHandler
andWebSocketMessageBroadcastHandler
should be ignored.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
CsrfPreventionRequestCycleListener.CsrfAction
-
Nested classes/interfaces inherited from interface org.apache.wicket.protocol.http.IResourceIsolationPolicy
IResourceIsolationPolicy.ResourceIsolationOutcome
-
-
Constructor Summary
Constructors Constructor Description WebSocketAwareCsrfPreventionRequestCycleListener()
Deprecated.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description protected boolean
isChecked(IRequestHandler handler)
Deprecated.Override to change the request handler types that are checked.-
Methods inherited from class org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
abortHandler, addAcceptedOrigin, allowHandler, checkRequest, getSourceUri, isChecked, isEnabled, matchingOrigin, onAborted, onAllowed, onBeginRequest, onMatchingOrigin, onRequestHandlerResolved, onSuppressed, onWhitelisted, setConflictingOriginAction, setErrorCode, setErrorMessage, setNoOriginAction, suppressHandler, unwrap, whitelistedHandler
-
Methods inherited from class org.apache.wicket.protocol.http.OriginResourceIsolationPolicy
getTargetUriFromRequest, isLocalOrigin, isRequestAllowed, isWhitelistedHost, normalizeUri
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.wicket.request.cycle.IRequestCycleListener
onDetach, onEndRequest, onException, onExceptionRequestHandlerResolved, onRequestHandlerExecuted, onRequestHandlerScheduled, onUrlMapped
-
Methods inherited from interface org.apache.wicket.protocol.http.IResourceIsolationPolicy
setHeaders
-
-
-
-
Constructor Detail
-
WebSocketAwareCsrfPreventionRequestCycleListener
public WebSocketAwareCsrfPreventionRequestCycleListener()
Deprecated.
-
-
Method Detail
-
isChecked
protected boolean isChecked(IRequestHandler handler)
Deprecated.Description copied from class:CsrfPreventionRequestCycleListener
Override to change the request handler types that are checked. Currently only action handlers (form submits, link clicks, AJAX events) are checked for a matching Origin HTTP header.- Overrides:
isChecked
in classCsrfPreventionRequestCycleListener
- Parameters:
handler
- the handler that is currently processing- Returns:
- true when the Origin HTTP header should be checked for this
handler
-
-