<div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
I'd be interested in feedback especially from Shane, who had some<br>
questions about Seam Remoting and CSRF. I tried to explain it and show<br>
why/how we have some missing features in this area. I think we need to<br>
do something about it - like per-request tokens. However, we might<br>
want to expand this feature as a general CSRF solution that also works<br>
with the REST request processing, for example. (And Wicket forms?)</blockquote><div><br>This feel off the back of the truck over the holiday break. Thanks for rekindling.<br> <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
Dan, if you could add the current status of "stateless" view<br>
processing in JSF 2.0 to the CSRF page, we can go from there and draft<br>
some recommendations for users.</blockquote><div><br>Every time I visit the JSF EG mailing list, this issue crosses my mind. I will add it to my agenda.</div></div><br>-- <br>Dan Allen<br>Senior Software Engineer, Red Hat | Author of Seam in Action<br>
<br><a href="http://mojavelinux.com">http://mojavelinux.com</a><br><a href="http://mojavelinux.com/seaminaction">http://mojavelinux.com/seaminaction</a><br><br>NOTE: While I make a strong effort to keep up with my email on a daily<br>
basis, personal or other work matters can sometimes keep me away<br>from my email. If you contact me, but don't hear back for more than a week,<br>it is very likely that I am excessively backlogged or the message was<br>
caught in the spam filters. Please don't hesitate to resend a message if<br>you feel that it did not reach my attention.<br>