Enabling CSRF for Vaadin application

Hi,

We are using Vaadin 6.7.3 deployed in Apache Tomcat 7.0 server.
Our application has a login and other forms. (the whole application uses only one URL)

Do we need to enable tomcat CSRF filter to secure the Vaadin application from CSRF attacks?

Regards,
Siva.

I don’t think it’s needed, you should get a invalid security key message.

But I haven’t looked into this deeply

André