Grails 2.5.6.
I use a filter class to validate all my requests for XSS attacks. If a parameter might be harmful we simply do not forward the request to the desired interface.
This workflow works fine except for cases where there is a command object used as an interface argument. The variable is simply empty and without any params.
    if (paramsValid) {
        chain.doFilter(request, response)
    } else {
        println("ERROR");
        response.setContentType("application/json");
        response.setCharacterEncoding("utf-8");
        PrintWriter out = response.getWriter();
        response.setStatus(400);
        out.print('{"success": false, "data": "Error validating request parameters"}');
        out.flush();
        return;
    }
Then inside a controller interface:

    def save(MappingCmd mapping) {
        println(mapping);
        // ...
    }

The MappingCmd class members are always empty. The functionality works fine without the filter. How can I make this work?