Cross-Site Request Forgery (CSRF), CSRFHandlerInterceptor, Ajax
Dear experts, et. al.,
According to the hybris documentation(1):
Cross-site request forgery protection is also provided for Ajax POST requests. If you use $.post, $.ajax or $.postJSON, a CSRFToken parameter is automatically added to the data submitted to the server.
I have tested it with HTML forms, Spring forms and Ajax calls (using $.ajax) and it works like a charm. However, and this is a big however, we have lots of Ajax calls that were created in a different ways, for instance: using the JQuery method $ajaxForm.
Has anybody done the same for the JQuery method $ajaxForm? What I am trying to do is to somehow extend the hybris functionality to also add the hidden field CSRFToken and avoid doing it with every single AJAX call we have.
Any help will be greatly appreciated!
Kind regards
L