Skip to content

CsrfAuthenticationStrategy is not consistent with CsrfFilter #12235

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sjohnr opened this issue Nov 17, 2022 · 0 comments
Closed

CsrfAuthenticationStrategy is not consistent with CsrfFilter #12235

sjohnr opened this issue Nov 17, 2022 · 0 comments
Assignees
@sjohnr
Labels
in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: bug A general bug
Milestone
6.0.0

Comments

@sjohnr
Copy link
Member

sjohnr commented Nov 17, 2022
edited
Loading

We should default to Xor CSRF tokens in 6.0, but CsrfAuthenticationStrategy still uses CsrfTokenRequestAttributeHandler by default instead of XorCsrfTokenRequestAttributeHandler.

Related gh-11960
@sjohnr sjohnr added in: web An issue in web modules (web, webmvc) type: bug A general bug labels Nov 17, 2022
@sjohnr sjohnr added this to the 6.0.0 milestone Nov 17, 2022
@sjohnr sjohnr self-assigned this Nov 17, 2022
@sjohnr sjohnr closed this as completed in fd54732 Nov 19, 2022
@sjohnr sjohnr added the type: breaks-passivity A change that breaks passivity with the previous release label Nov 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sjohnr sjohnr

Labels
in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: bug A general bug
Projects
None yet
Milestone
6.0.0
Development

No branches or pull requests
1 participant
@sjohnr