The OpenD Programming Language

ApiProvider.checkCsrfToken

override this to change cross-site request forgery checks.

To perform a csrf check, call ensureGoodPost(); in your code.

It throws a PermissionDeniedException if the check fails. This might change later to make catching it easier.

If there is no session object, the test always succeeds. This lets you opt out of the system.

If the session is null, it does nothing. FancyMain makes a session for you. If you are doing manual run(), it is your responsibility to create a session and attach it to each primary object.

NOTE: it is important for you use ensureGoodPost() on any data changing things! This function alone is a no-op on non-POST methods, so there's no real protection without ensuring POST when making changes.

class ApiProvider
protected
void
checkCsrfToken
()

Meta