Description
After a StatelessForm is submitted, the user is redirected to a new URI. If the user does an HTTP GET to this same URI, the form is resubmitted with all blank values (see examples below). This seems to happen regardless of the RenderStrategy being used or the form's method (i.e. POST), and it happens in recent versions of 1.4.x as well as 1.5.x.
To demonstrate the behavior, visit either of the following links. The validation failure indicates that the form has been submitted just by visiting the URI (i.e. HTTP GET).
http://wicketstuff.org/wicket14/stateless/?wicket:bookmarkablePage=:org.apache.wicket.examples.stateless.StatelessPage&wicket:interface=:0:statelessform::IFormSubmitListener::
http://wicketstuff.org/wicket/stateless/foo?0-1.IFormSubmitListener-statelessform
This behavior could be triggered when:
- a user submits a StatelessForm and saves a bookmark to the generated URI.
- a user submits a StatelessForm and shares a link to the generated URI via email or other means.
- a user submits a StatelessForm, lets their session expire, then takes any action requiring login when using wicket-auth-roles. (They are redirected back to the generated URI after login.)
- after submitting a StatelessForm, a user clicks in their address bar and hits enter.
Attachments
Issue Links
- is a clone of
-
WICKET-877 stateless page + form + bookmark = trouble
-
- Resolved
-