https://bz.apache.org/bugzilla/show_bug.cgi?id=65853

--- Comment #2 from Marvin Fröhlich <apa...@froehlich-mail.net> ---
I further suggest either adding an HttpServletRequest argument to the
generateNonce() method or adding another method like
getSkipNonceGeneration(HttpServletRequest request) or
getGenerateNonce(HttpServletRequest request), whatever you prefer.

The background is that you may need to override the behavior of when to
actually generate a nonce for a given request.

The call would look like this.

#######################
String newNonce = generateNonce();

if (newNonce != null) {
    nonceCache.add(newNonce);

    // Take this request's nonce and put it into the request
    // attributes so pages can make direct use of it, rather than
    // requiring the use of response.encodeURL.
    request.setAttribute(Constants.CSRF_NONCE_REQUEST_ATTR_NAME, newNonce);

    wResponse = new CsrfResponseWrapper(res, nonceRequestParameterName,
            newNonce);
} else {
    wResponse = response;
}
#######################
