Blocked request without GWT permutation header (XSRF attack)?

[GoogleCodeExporter]

basic testing of GWT 2.0.3 w/ syncProxy 0.1.3, got:

java.lang.SecurityException: Blocked request without GWT permutation header 
(XSRF attack?)
    at 
com.google.gwt.rpc.server.RpcServlet.getClientOracle(RpcServlet.java:73)
    at 
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:177)
    at 
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractR
emoteServiceServlet.java:62)

Original issue reported on code.google.com by binarymo...@gmail.com on 6 Apr 2010 at 9:16