
Help on csrfToken

Posted: Sun Dec 09, 2012 10:56 pm
by pokemon007
Don't know what I did, but somehow it started throwing the following error when I access account mgr related pages:

org.springframework.beans.NotReadablePropertyException: Invalid property 'csrfToken' of bean class [org.broadleafcommerce.core.web.controller.account.UpdateAccountForm]: Bean property 'csrfToken' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?
   org.springframework.beans.BeanWrapperImpl.getPropertyValue(BeanWrapperImpl.java:729)
   org.springframework.beans.BeanWrapperImpl.getPropertyValue(BeanWrapperImpl.java:721)
   org.springframework.validation.AbstractPropertyBindingResult.getActualFieldValue(AbstractPropertyBindingResult.java:99)


Looking at the backing form object, org.broadleafcommerce.core.web.controller.account.UpdateAccountForm, it doesn't have csrfToken property. I must have messed something up that broke it. But how does this work if the backing form doesn't have a field that the HTML references?

Thank you in advance!

-Charlie

Re: Help on csrfToken

Posted: Sun Dec 09, 2012 11:53 pm
by phillipuniverse
On all of your <form tag declarations, use <blc:form instead.

Re: Help on csrfToken

Posted: Mon Dec 10, 2012 5:12 am
by pokemon007
Thank you for your reply. I've tried it, but it doesn't work. Maybe my code is out of sync? I started with 2.0.0-M1-6 and moved to 2.0.1-GA a few weeks ago. I haven't updated those html files. I guess the newer version it refers to now has this property moved to a processor? If so I'll need to update those html files.

Thank you!

-Charlie

Re: Help on csrfToken

Posted: Mon Dec 10, 2012 3:27 pm
by pokemon007
[Resolved]. csrfToken removed from all files as it's generated by the form processor now.

Thank you for pointing me in the right direction!

-Charlie

Re: Help on csrfToken

Posted: Mon Dec 10, 2012 5:32 pm
by phillipuniverse
Yup, that's the fix. Also, this property is really just used in a filter and not on the backing form objects. See CsrfFilter for more info. In some of the later point releases of 2.0 (not sure if 2.0.1 has it) you can also specify some excluded URLs from attempting to do CSRF validation. This is useful for things like payment gateways who usually send a POST back to your application at some URL that you specify; having a CSRF token wouldn't make sense there.
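
The check described in the post above (token validated in a filter rather than on the form object, with an exclusion list for gateway callbacks), as an added sketch that is not Broadleaf's CsrfFilter and not part of the original thread. The class name, the `/payment/callback/` prefix and the POST-only rule are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.List;

// Added illustration, NOT Broadleaf's CsrfFilter. All names here are hypothetical.
public class CsrfCheckSketch {
    // Hypothetical exclusion list: URLs an external payment gateway POSTs back to.
    static final List<String> EXCLUDED_PREFIXES = List.of("/payment/callback/");

    // One random token per session; the form processor is what would place it in each form.
    static String newToken() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // The decision a filter makes before the controller (and its backing form) is reached.
    // Assumes 'path' is already normalized (no "../" segments, no encoded slashes).
    static boolean allow(String method, String path, String sessionToken, String requestToken) {
        if (!"POST".equalsIgnoreCase(method)) {
            return true; // assumption: only POSTs are checked in this sketch
        }
        for (String prefix : EXCLUDED_PREFIXES) {
            if (path.startsWith(prefix)) {
                return true; // excluded: this endpoint must authenticate the gateway another way
            }
        }
        if (sessionToken == null || requestToken == null) {
            return false; // a form rendered without the token is rejected
        }
        // Constant-time comparison, so timing does not reveal how much of the token matched.
        return MessageDigest.isEqual(
                sessionToken.getBytes(StandardCharsets.UTF_8),
                requestToken.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String token = newToken(); // constructed sample session token
        System.out.println("valid token:    " + allow("POST", "/account/update", token, token));
        System.out.println("missing token:  " + allow("POST", "/account/update", token, null));
        System.out.println("wrong token:    " + allow("POST", "/account/update", token, "forged"));
        System.out.println("gateway POST:   " + allow("POST", "/payment/callback/relay", token, null));
        System.out.println("plain GET:      " + allow("GET", "/account", token, null));
    }
}
```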

Re: Help on csrfToken

Posted: Sun Dec 16, 2012 8:32 pm
by pokemon007
Got it. So far, without the treatment, authorize.net posting back seems to be working fine, at least for the payment process and order confirmation.

Thank you for the tip.
-Charlie