0

I am using HDIV version 3.2.0, excluding a param as below:

registry.addParamExclusions("param1").forUrls("/section/.*");

But when I try to submit the form with "param1"(hidden param and setting value using jQuery), HDIV still validates this parameter and form submission fails.

Thanks for your help!

Regards, Subbu

Nagasubba Reddy
  • 1
  • 1
  • Please provide more detail in the configuration of your application. There is a similar example on this application and it is working fine, so it can be related to a missing configuration: https://github.com/hdiv/hdiv-spring-mvc-showcase-jc/blob/master/src/main/java/org/hdiv/samples/mvc/config/HdivSecurityConfig.java#L34 – gillarramendi Dec 09 '16 at 20:24
  • Hi Gillarramendi, Thanks for your reply. I tried with the configuration mentioned in the link. But I ran into a different issue. I am using spring mvc + thymeleaf. For the html pages where I have links using thymeleaf is renedering properly. But if I am clicking on a button where I am generating the link using javascript, error page is displayed. – Nagasubba Reddy Dec 13 '16 at 06:15
  • When I debugged further came to know that HDIV is expecting a parameter which will be auto generated if we create url using any serverside technology at client side. Is there any way to send that parameter if we create url using javascript. – Nagasubba Reddy Dec 13 '16 at 06:25
  • You have to create the url at server side and invoke it using JavaScript. If you are adding extra parameters at client side, exclude them from validation. Hdiv expects all url and forms to be created at server side. – gillarramendi Dec 13 '16 at 09:16
  • As per the configuration example you mentioned to "exclude a paramter from validation" in the link as: registry.addUrlExclusions("/attacks/.*"); registry.addParamExclusions("param1", "param2").forUrls("/attacks/.*"); So the above 2 lines says, if we want to exclude a parameter we want to exclude even the url contains this paramter? Is my understanding correct? – Nagasubba Reddy Dec 13 '16 at 13:43
  • `registry.addUrlExclusions("/attacks/.*");` -> Exclude the validation of all requests starting with `/attacks/`, including all parameters. `registry.addParamExclusions("param1", "param2").forUrls("/attacks/.*");` -> Exclude the validation of the parameters `param1` and `param2` in requests starting with `/attacks/`. Validate the rest of the parameters. – gillarramendi Dec 14 '16 at 14:21

0 Answers0