micord/ervu-lkrp-ul
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SUPPORT-8653 fix csrf cookie name

Browse source
This commit is contained in:
kochetkov 2024-11-13 09:05:05 +03:00
parent 84854640e7
commit b30948f427
3 changed files with 14 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
backend/src/main/java/ru/micord/ervu/security/SecurityConfig.java
View file

@ -59,6 +59,8 @@ public class SecurityConfig {
protected void httpConfigure(HttpSecurity httpSecurity) throws Exception {
CookieCsrfTokenRepository tokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse();
tokenRepository.setCookieName(TokenConstants.CSRF_TOKEN_NAME);
tokenRepository.setHeaderName(TokenConstants.CSRF_HEADER_NAME);
tokenRepository.setCookiePath("/");
XorCsrfTokenRequestAttributeHandler delegate = new XorCsrfTokenRequestAttributeHandler();
delegate.setCsrfRequestAttributeName(null);

10
backend/src/main/java/ru/micord/ervu/security/TokenConstants.java Normal file
View file

@ -0,0 +1,10 @@
package ru.micord.ervu.security;
public final class TokenConstants {
public static String CSRF_TOKEN_NAME = "XSRF-TOKEN-LKRP-UL";
public static String CSRF_HEADER_NAME = "X-XSRF-TOKEN-LKRP-UL";
private TokenConstants() {
//must be empty
}
}

4
frontend/src/ts/modules/security/TokenConstants.ts
View file

@ -1,4 +1,4 @@
export class TokenConstants {
public static readonly CSRF_TOKEN_NAME = "XSRF-TOKEN";
public static readonly CSRF_HEADER_NAME = "X-XSRF-TOKEN";
public static readonly CSRF_TOKEN_NAME = "XSRF-TOKEN-LKRP-UL";
public static readonly CSRF_HEADER_NAME = "X-XSRF-TOKEN-LKRP-UL";
}