Home/ Questions/Q 8821047
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T05:45:28+00:00

I have a struts2 webapp in which I need to implement CSRF protection. For

  • 0

I have a struts2 webapp in which I need to implement CSRF protection. For statis forms it is pretty straight forward. I just need to activate the tokenSession interceptor & then set <s:token/> in the form to be submitted. (explained here and here)

But the problem appears when I need to enable CSRF protection for POST AJAX calls (I am using jQuery) which are not necessarily submitted via forms. I face the issue of re-using token when making subsequent AJAX calls.

Any pointers or different approaches are appreciated.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Currently I have resolved the issue by generating tokens for AJAX requests and sending it with the normal response like so –

        Map<String, String> tokenInfo = Maps.newHashMap();
    tokenInfo.put("struts.token.name", TokenHelper.getTokenName());
    tokenInfo.put(TokenHelper.getTokenName(), TokenHelper.setToken());

    I will abstract out a util method out of this & have the Actions that are token-activated to return this as part of response for actions which will be executed repeatedly without refresh of the page.

    I am still looking for an elegant solution to this though.

    • 0