Permalink
Browse files

CSRF protection.

  • Loading branch information...
1 parent a9a5fd6 commit 422de35e3c3141e418a73bfb39b430d5fd74077e @kreinhard kreinhard committed Dec 5, 2013
Showing with 165 additions and 20 deletions.
  1. +15 −0 src/main/java/org/projectforge/web/admin/SetupForm.java
  2. +14 −0 src/main/java/org/projectforge/web/admin/SetupImportForm.java
  3. +2 −0 src/main/java/org/projectforge/web/admin/SetupPage.html
  4. +14 −0 src/main/java/org/projectforge/web/admin/SystemUpdateForm.java
  5. +1 −0 src/main/java/org/projectforge/web/admin/SystemUpdatePage.html
  6. +1 −0 src/main/java/org/projectforge/web/core/NavTopPanel.html
  7. +8 −0 src/main/java/org/projectforge/web/core/NavTopPanel.java
  8. +4 −1 src/main/java/org/projectforge/web/dialog/ModalDialog.html
  9. +15 −0 src/main/java/org/projectforge/web/dialog/ModalDialog.java
  10. +4 −1 src/main/java/org/projectforge/web/fibu/RechnungCostEditTablePanel.html
  11. +16 −1 src/main/java/org/projectforge/web/fibu/RechnungCostEditTablePanel.java
  12. +14 −0 src/main/java/org/projectforge/web/mobile/AbstractMobileEditForm.java
  13. +1 −0 src/main/java/org/projectforge/web/mobile/AbstractMobileEditPage.html
  14. +14 −0 src/main/java/org/projectforge/web/mobile/AbstractMobileListForm.java
  15. +10 −7 src/main/java/org/projectforge/web/mobile/AbstractMobileListPage.html
  16. +10 −1 src/main/java/org/projectforge/web/task/TaskTreeForm.java
  17. +1 −0 src/main/java/org/projectforge/web/task/TaskTreePage.html
  18. +6 −6 src/main/java/org/projectforge/web/wicket/CsrfTokenHandler.java
  19. +4 −2 src/main/java/org/projectforge/web/wicket/components/DropFileContainer.html
  20. +11 −1 src/main/java/org/projectforge/web/wicket/components/DropFileContainer.java
View
15 src/main/java/org/projectforge/web/admin/SetupForm.java
@@ -40,6 +40,7 @@
import org.projectforge.database.InitDatabaseDao;
import org.projectforge.user.UserDao;
import org.projectforge.web.wicket.AbstractForm;
+import org.projectforge.web.wicket.CsrfTokenHandler;
import org.projectforge.web.wicket.WicketUtils;
import org.projectforge.web.wicket.bootstrap.GridBuilder;
import org.projectforge.web.wicket.components.MaxLengthTextField;
@@ -86,9 +87,15 @@
private String encryptedPassword;
+ /**
+ * Cross site request forgery token.
+ */
+ private final CsrfTokenHandler csrfTokenHandler;
+
public SetupForm(final SetupPage parentPage)
{
super(parentPage, "setupform");
+ csrfTokenHandler = new CsrfTokenHandler(this);
}
@Override
@@ -227,6 +234,7 @@ public void validate(final IValidatable<String> validatable)
@Override
public final void onSubmit()
{
+ csrfTokenHandler.onSubmit();
parentPage.finishSetup();
}
};
@@ -237,6 +245,13 @@ public final void onSubmit()
}
}
+ @Override
+ protected void onSubmit()
+ {
+ super.onSubmit();
+ csrfTokenHandler.onSubmit();
+ }
+
public SetupTarget getSetupMode()
{
return setupMode;
View
14 src/main/java/org/projectforge/web/admin/SetupImportForm.java
@@ -29,6 +29,7 @@
import org.apache.wicket.model.Model;
import org.apache.wicket.util.lang.Bytes;
import org.projectforge.web.wicket.AbstractForm;
+import org.projectforge.web.wicket.CsrfTokenHandler;
import org.projectforge.web.wicket.bootstrap.GridBuilder;
import org.projectforge.web.wicket.components.SingleButtonPanel;
import org.projectforge.web.wicket.flowlayout.FieldsetPanel;
@@ -42,10 +43,23 @@
protected String filename;
+ /**
+ * Cross site request forgery token.
+ */
+ private final CsrfTokenHandler csrfTokenHandler;
+
public SetupImportForm(final SetupPage parentPage)
{
super(parentPage, "importform");
initUpload(Bytes.megabytes(100));
+ csrfTokenHandler = new CsrfTokenHandler(this);
+ }
+
+ @Override
+ protected void onSubmit()
+ {
+ super.onSubmit();
+ csrfTokenHandler.onSubmit();
}
@Override
View
2 src/main/java/org/projectforge/web/admin/SetupPage.html
@@ -21,6 +21,7 @@
<div class="button_bar">
<wicket:container wicket:id="buttons">[action buttons]</wicket:container>
</div>
+ <input type="hidden" wicket:id="csrfToken" />
</form>
</div>
</div>
@@ -32,6 +33,7 @@
<div class="button_bar">
<wicket:container wicket:id="buttons">[action buttons]</wicket:container>
</div>
+ <input type="hidden" wicket:id="csrfToken" />
</form>
</div>
</div>
View
14 src/main/java/org/projectforge/web/admin/SystemUpdateForm.java
@@ -38,6 +38,7 @@
import org.projectforge.continuousdb.UpdatePreCheckStatus;
import org.projectforge.web.HtmlHelper;
import org.projectforge.web.wicket.AbstractForm;
+import org.projectforge.web.wicket.CsrfTokenHandler;
import org.projectforge.web.wicket.bootstrap.GridBuilder;
import org.projectforge.web.wicket.components.SingleButtonPanel;
import org.projectforge.web.wicket.flowlayout.CheckBoxPanel;
@@ -55,13 +56,19 @@
private GridBuilder gridBuilder;
/**
+ * Cross site request forgery token.
+ */
+ private final CsrfTokenHandler csrfTokenHandler;
+
+ /**
* List to create content menu in the desired order before creating the RepeatingView.
*/
protected MyComponentsRepeater<SingleButtonPanel> actionButtons;
public SystemUpdateForm(final SystemUpdatePage parentPage)
{
super(parentPage);
+ csrfTokenHandler = new CsrfTokenHandler(this);
}
@Override
@@ -165,4 +172,11 @@ public void onBeforeRender()
super.onBeforeRender();
actionButtons.render();
}
+
+ @Override
+ protected void onSubmit()
+ {
+ super.onSubmit();
+ csrfTokenHandler.onSubmit();
+ }
}
View
1 src/main/java/org/projectforge/web/admin/SystemUpdatePage.html
@@ -47,6 +47,7 @@ <h3 class="section">Update scripts</h3>
<div class="button_bar">
<wicket:container wicket:id="buttons">[action buttons]</wicket:container>
</div>
+ <input type="hidden" wicket:id="csrfToken" />
</form>
</wicket:extend>
</body>
View
1 src/main/java/org/projectforge/web/core/NavTopPanel.html
@@ -39,6 +39,7 @@
</div>
<form class="navbar-search pull-left" wicket:id="searchForm" autocomplete="off">
<input type="text" class="search-query span2" placeholder="Search" wicket:id="searchField">
+ <input type="hidden" wicket:id="csrfToken" />
</form>
<ul class="nav pull-right">
<li class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown"><span wicket:id="user">[Kai Reinhard]</span><b
View
8 src/main/java/org/projectforge/web/core/NavTopPanel.java
@@ -59,6 +59,7 @@
import org.projectforge.web.user.ChangePasswordPage;
import org.projectforge.web.user.MyAccountEditPage;
import org.projectforge.web.wicket.AbstractSecuredPage;
+import org.projectforge.web.wicket.CsrfTokenHandler;
import org.projectforge.web.wicket.FeedbackPage;
import org.projectforge.web.wicket.MySession;
import org.projectforge.web.wicket.WicketUtils;
@@ -82,6 +83,11 @@
private BookmarkDialog bookmarkDialog;
+ /**
+ * Cross site request forgery token.
+ */
+ private CsrfTokenHandler csrfTokenHandler;
+
public NavTopPanel(final String id, final UserXmlPreferencesCache userXmlPreferencesCache, final AccessChecker accessChecker)
{
super(id);
@@ -117,13 +123,15 @@ public void init(final AbstractSecuredPage page)
@Override
protected void onSubmit()
{
+ csrfTokenHandler.onSubmit();
if (StringUtils.isNotBlank(searchString) == true) {
final SearchPage searchPage = new SearchPage(new PageParameters(), searchString);
setResponsePage(searchPage);
}
super.onSubmit();
}
};
+ csrfTokenHandler = new CsrfTokenHandler(searchForm);
add(searchForm);
final TextField<String> searchField = new TextField<String>("searchField", new PropertyModel<String>(searchForm, "searchString"));
WicketUtils.setPlaceHolderAttribute(searchField, getString("search.search"));
View
5 src/main/java/org/projectforge/web/dialog/ModalDialog.html
@@ -3,7 +3,9 @@
<wicket:container wicket:id="mainSubContainer">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
- <h3 id="myModalLabel" wicket:id="titleContainer"><span wicket:id="titleText">[title]</span></h3>
+ <h3 id="myModalLabel" wicket:id="titleContainer">
+ <span wicket:id="titleText">[title]</span>
+ </h3>
</div>
<form wicket:id="form" autocomplete="off">
<div class="modal-body" wicket:id="gridContent">
@@ -13,6 +15,7 @@ <h3 id="myModalLabel" wicket:id="titleContainer"><span wicket:id="titleText">[ti
<div class="modal-footer" wicket:id="buttonBar">
<wicket:container wicket:id="actionButtons" />
</div>
+ <input type="hidden" wicket:id="csrfToken" />
</form>
</wicket:container>
</div>
View
15 src/main/java/org/projectforge/web/dialog/ModalDialog.java
@@ -39,6 +39,7 @@
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.projectforge.web.core.NavTopPanel;
+import org.projectforge.web.wicket.CsrfTokenHandler;
import org.projectforge.web.wicket.WicketUtils;
import org.projectforge.web.wicket.bootstrap.GridBuilder;
import org.projectforge.web.wicket.components.SingleButtonPanel;
@@ -98,6 +99,11 @@
protected MyComponentsRepeater<Component> actionButtons;
/**
+ * Cross site request forgery token.
+ */
+ protected CsrfTokenHandler csrfTokenHandler;
+
+ /**
* @param id
*/
public ModalDialog(final String id)
@@ -231,6 +237,7 @@ public ModalDialog wantsNotificationOnClose()
@Override
protected void onEvent(final AjaxRequestTarget target)
{
+ csrfTokenHandler.onSubmit();
handleCloseEvent(target);
}
});
@@ -288,6 +295,7 @@ public ModalDialog open(final AjaxRequestTarget target)
public void close(final AjaxRequestTarget target)
{
+ csrfTokenHandler.onSubmit();
target.appendJavaScript("$('#" + getMainContainerMarkupId() + "').modal('hide');");
}
@@ -366,6 +374,7 @@ public ModalDialog clearContent()
protected void init(final Form< ? > form)
{
this.form = form;
+ csrfTokenHandler = new CsrfTokenHandler(form);
mainSubContainer.add(form);
form.add(gridContentContainer);
form.add(buttonBarContainer);
@@ -374,6 +383,7 @@ protected void init(final Form< ? > form)
@Override
public void callback(final AjaxRequestTarget target)
{
+ csrfTokenHandler.onSubmit();
onCancelButtonSubmit(target);
close(target);
}
@@ -385,6 +395,7 @@ public void callback(final AjaxRequestTarget target)
@Override
public void callback(final AjaxRequestTarget target)
{
+ csrfTokenHandler.onSubmit();
if (onCloseButtonSubmit(target)) {
close(target);
}
@@ -393,6 +404,7 @@ public void callback(final AjaxRequestTarget target)
@Override
public void onError(final AjaxRequestTarget target, final Form< ? > form)
{
+ csrfTokenHandler.onSubmit();
ModalDialog.this.onError(target, form);
}
}, closeButtonLabel != null ? closeButtonLabel : getString("close"), SingleButtonPanel.NORMAL);
@@ -416,6 +428,7 @@ private void initFeedback(final WebMarkupContainer container)
protected void ajaxError(final String error, final AjaxRequestTarget target)
{
+ csrfTokenHandler.onSubmit();
form.error(error);
target.add(formFeedback);
}
@@ -427,6 +440,7 @@ protected void ajaxError(final String error, final AjaxRequestTarget target)
*/
protected void handleCloseEvent(final AjaxRequestTarget target)
{
+ csrfTokenHandler.onSubmit();
}
/**
@@ -505,6 +519,7 @@ private SingleButtonPanel addNewAjaxActionButton(final AjaxCallback ajaxCallback
@Override
protected void onSubmit(final AjaxRequestTarget target, final Form< ? > form)
{
+ csrfTokenHandler.onSubmit();
ajaxCallback.callback(target);
}
View
5 src/main/java/org/projectforge/web/fibu/RechnungCostEditTablePanel.html
@@ -32,7 +32,10 @@
</tbody>
</table>
<div>
- <wicket:message key="rest" />: <span wicket:id="restValue">[-1234,00]</span></div>
+ <wicket:message key="rest" />
+ : <span wicket:id="restValue">[-1234,00]</span>
+ </div>
+ <input type="hidden" wicket:id="csrfToken" />
</form>
</wicket:panel>
</body>
View
17 src/main/java/org/projectforge/web/fibu/RechnungCostEditTablePanel.java
@@ -54,6 +54,7 @@
import org.projectforge.fibu.kost.Kost2Dao;
import org.projectforge.fibu.kost.KostZuweisungDO;
import org.projectforge.fibu.kost.KostZuweisungenCopyHelper;
+import org.projectforge.web.wicket.CsrfTokenHandler;
import org.projectforge.web.wicket.WicketAjaxUtils;
import org.projectforge.web.wicket.WicketUtils;
import org.projectforge.web.wicket.components.MinMaxNumberField;
@@ -86,16 +87,30 @@
MyAjaxComponentHolder ajaxComponents = new MyAjaxComponentHolder();
/**
+ * Cross site request forgery token.
+ */
+ private final CsrfTokenHandler csrfTokenHandler;
+
+ /**
* @param id
*/
+ @SuppressWarnings("serial")
public RechnungCostEditTablePanel(final String id)
{
super(id);
feedbackPanel = new FeedbackPanel("feedback");
ajaxComponents.register(feedbackPanel);
add(feedbackPanel);
- this.form = new Form<AbstractRechnungsPositionDO>("form");
+ this.form = new Form<AbstractRechnungsPositionDO>("form") {
+ @Override
+ protected void onSubmit()
+ {
+ super.onSubmit();
+ csrfTokenHandler.onSubmit();
+ }
+ };
add(form);
+ csrfTokenHandler = new CsrfTokenHandler(form);
rows = new RepeatingView("rows");
form.add(rows);
}
View
14 src/main/java/org/projectforge/web/mobile/AbstractMobileEditForm.java
@@ -28,6 +28,7 @@
import org.apache.wicket.markup.html.panel.FeedbackPanel;
import org.apache.wicket.markup.repeater.RepeatingView;
import org.projectforge.core.AbstractBaseDO;
+import org.projectforge.web.wicket.CsrfTokenHandler;
import org.projectforge.web.wicket.mobileflowlayout.MobileGridBuilder;
public abstract class AbstractMobileEditForm<O extends AbstractBaseDO< ? >, P extends AbstractMobileEditPage< ? , ? , ? >> extends
@@ -39,10 +40,23 @@
protected MobileGridBuilder gridBuilder;
+ /**
+ * Cross site request forgery token.
+ */
+ private final CsrfTokenHandler csrfTokenHandler;
+
public AbstractMobileEditForm(final P parentPage, final O data)
{
super(parentPage);
this.data = data;
+ csrfTokenHandler = new CsrfTokenHandler(this);
+ }
+
+ @Override
+ protected void onSubmit()
+ {
+ super.onSubmit();
+ csrfTokenHandler.onSubmit();
}
public O getData()
View
1 src/main/java/org/projectforge/web/mobile/AbstractMobileEditPage.html
@@ -19,6 +19,7 @@
<p>
<a wicket:id="submitButton" rel="external" data-role="button"><wicket:container wicket:id="label">[create or update]</wicket:container></a>
</p>
+ <input type="hidden" wicket:id="csrfToken" />
</form>
</div>
</wicket:extend>
View
14 src/main/java/org/projectforge/web/mobile/AbstractMobileListForm.java
@@ -27,6 +27,7 @@
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.model.PropertyModel;
import org.projectforge.core.BaseSearchFilter;
+import org.projectforge.web.wicket.CsrfTokenHandler;
public abstract class AbstractMobileListForm<F extends BaseSearchFilter, P extends AbstractMobileListPage< ? , ? , ? >> extends
AbstractMobileForm<AbstractMobileListForm< ? , ? >, AbstractMobileListPage< ? , ? , ? >>
@@ -37,6 +38,11 @@
protected F filter;
+ /**
+ * Cross site request forgery token.
+ */
+ private final CsrfTokenHandler csrfTokenHandler;
+
@SuppressWarnings("unchecked")
public AbstractMobileListForm(final AbstractMobileListPage< ? , ? , ? > parentPage)
{
@@ -51,6 +57,14 @@ public AbstractMobileListForm(final AbstractMobileListPage< ? , ? , ? > parentPa
filter = newFilter();
parentPage.putUserPrefEntry(userPrefFilterKey, filter, true);
}
+ csrfTokenHandler = new CsrfTokenHandler(this);
+ }
+
+ @Override
+ protected void onSubmit()
+ {
+ super.onSubmit();
+ csrfTokenHandler.onSubmit();
}
protected void init()
View
17 src/main/java/org/projectforge/web/mobile/AbstractMobileListPage.html
@@ -6,12 +6,15 @@
</head>
<body>
-<wicket:extend>
- <form wicket:id="form" autocomplete="off">
- <div data-role="fieldcontain" id="searchfield"><input type="text" data-type="search" wicket:id="searchField" id="search" placeholder="Suche" /></div>
- </form>
- <wicket:container wicket:id="listViewPage">
- </wicket:container>
-</wicket:extend>
+ <wicket:extend>
+ <form wicket:id="form" autocomplete="off">
+ <div data-role="fieldcontain" id="searchfield">
+ <input type="text" data-type="search" wicket:id="searchField" id="search" placeholder="Suche" />
+ </div>
+ <input type="hidden" wicket:id="csrfToken" />
+ </form>
+ <wicket:container wicket:id="listViewPage">
+ </wicket:container>
+ </wicket:extend>
</body>
</html>
View
11 src/main/java/org/projectforge/web/task/TaskTreeForm.java
@@ -31,6 +31,7 @@
import org.apache.wicket.model.PropertyModel;
import org.projectforge.task.TaskFilter;
import org.projectforge.web.wicket.AbstractForm;
+import org.projectforge.web.wicket.CsrfTokenHandler;
import org.projectforge.web.wicket.WebConstants;
import org.projectforge.web.wicket.WicketUtils;
import org.projectforge.web.wicket.bootstrap.GridBuilder;
@@ -65,6 +66,11 @@
protected GridBuilder gridBuilder;
+ /**
+ * Cross site request forgery token.
+ */
+ private final CsrfTokenHandler csrfTokenHandler;
+
@Override
@SuppressWarnings("serial")
protected void init()
@@ -131,7 +137,8 @@ public final void onSubmit()
}
};
- listViewButtonPanel = new SingleButtonPanel(actionButtons.newChildId(), listViewButton, getString("listView"), SingleButtonPanel.NORMAL);
+ listViewButtonPanel = new SingleButtonPanel(actionButtons.newChildId(), listViewButton, getString("listView"),
+ SingleButtonPanel.NORMAL);
actionButtons.add(listViewButtonPanel);
}
{
@@ -153,6 +160,7 @@ public final void onSubmit()
public TaskTreeForm(final TaskTreePage parentPage)
{
super(parentPage);
+ csrfTokenHandler = new CsrfTokenHandler(this);
}
@Override
@@ -198,6 +206,7 @@ public TaskFilter getSearchFilter()
protected void onSubmit()
{
super.onSubmit();
+ csrfTokenHandler.onSubmit();
parentPage.refresh();
}
View
1 src/main/java/org/projectforge/web/task/TaskTreePage.html
@@ -23,6 +23,7 @@
<wicket:container wicket:id="actionButtons">[cancel] [search]</wicket:container>
</div>
<div wicket:id="tree">[tree]</div>
+ <input type="hidden" wicket:id="csrfToken" />
</form>
<div class="alert alert-info" wicket:id="info">[Click on row to select one task.]</div>
</wicket:extend>
View
12 src/main/java/org/projectforge/web/wicket/CsrfTokenHandler.java
@@ -29,7 +29,7 @@
import org.apache.wicket.Session;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.HiddenField;
-import org.apache.wicket.model.Model;
+import org.apache.wicket.model.PropertyModel;
import org.projectforge.core.InternalErrorException;
/**
@@ -43,15 +43,16 @@
private static final org.apache.log4j.Logger log = org.apache.log4j.Logger.getLogger(CsrfTokenHandler.class);
- private HiddenField<String> csrfTokenField;
+ private final String csrfToken;
/**
* The given form should contain a hidden field named 'csrfToken'.
* @param form
*/
public CsrfTokenHandler(final Form< ? > form)
{
- form.add(csrfTokenField = new HiddenField<String>("csrfToken", Model.of(getCsrfSessionToken())));
+ csrfToken = getCsrfSessionToken();
+ form.add(new HiddenField<String>("csrfToken", new PropertyModel<String>(this, "csrfToken")));
}
/**
@@ -71,12 +72,11 @@ private String getCsrfSessionToken()
public void onSubmit()
{
final String sessionCsrfToken = getCsrfSessionToken();
- final String postedCsrfToken = this.csrfTokenField.getInput();
- if (StringUtils.equals(sessionCsrfToken, postedCsrfToken) == false) {
+ if (StringUtils.equals(sessionCsrfToken, csrfToken) == false) {
log.error("Cross site request forgery alert. csrf token doesn't match! session csrf token="
+ sessionCsrfToken
+ ", posted csrf token="
- + postedCsrfToken);
+ + csrfToken);
throw new InternalErrorException("errorpage.csrfError");
}
}
View
6 src/main/java/org/projectforge/web/wicket/components/DropFileContainer.html
@@ -1,11 +1,13 @@
<wicket:panel xmlns:wicket="http://wicket.apache.org/dtds.data/wicket-xhtml1.4-strict.dtd">
<div class="pf_dnd" wicket:id="main">
<input type="file" id="fileselect" class="pf_fileselect" />
- <div class="pf_filedrag"><wicket:message key="drop" /></div>
+ <div class="pf_filedrag">
+ <wicket:message key="drop" />
+ </div>
<form wicket:id="hiddenForm" class="pf_hiddenForm">
<textarea class="pf_text" wicket:id="importString"></textarea>
<textarea class="pf_name" wicket:id="importFileName"></textarea>
- <input type="submit" class="pf_submit" wicket:id="submitButton" />
+ <input type="submit" class="pf_submit" wicket:id="submitButton" /> <input type="hidden" wicket:id="csrfToken" />
</form>
</div>
</wicket:panel>
View
12 src/main/java/org/projectforge/web/wicket/components/DropFileContainer.java
@@ -33,6 +33,7 @@
import org.apache.wicket.markup.html.form.TextArea;
import org.apache.wicket.markup.html.panel.Panel;
import org.apache.wicket.model.CompoundPropertyModel;
+import org.projectforge.web.wicket.CsrfTokenHandler;
import org.projectforge.web.wicket.WicketUtils;
/**
@@ -47,17 +48,24 @@
private static final long serialVersionUID = 3622467918922963503L;
private final WebMarkupContainer main;
+
private final String mimeType;
/**
+ * Cross site request forgery token.
+ */
+ private CsrfTokenHandler csrfTokenHandler;
+
+ /**
* @param id
*/
public DropFileContainer(final String id)
{
this(id, null);
}
- public DropFileContainer(final String id, final String mimeType) {
+ public DropFileContainer(final String id, final String mimeType)
+ {
super(id);
this.mimeType = mimeType;
main = new WebMarkupContainer("main");
@@ -82,6 +90,7 @@ protected void onInitialize()
@Override
protected void onSubmit(final AjaxRequestTarget target, final Form< ? > form)
{
+ csrfTokenHandler.onSubmit();
final FormBean modelObject = hiddenForm.getModel().getObject();
onStringImport(target, modelObject.importFileName, modelObject.importString);
}
@@ -93,6 +102,7 @@ protected void onError(final AjaxRequestTarget target, final Form< ? > form)
}
});
+ csrfTokenHandler = new CsrfTokenHandler(hiddenForm);
}
/**

0 comments on commit 422de35

Please sign in to comment.