make favicon public

Even though the resource doesn't exist, chrome (and probably other browsers) will request the favicon after requesting the "second-factor" page. Requests for the favicon prevented proceeding past the second-factor page and never hitting the POST to "second-factor". Instead, the sample prompts for the username, again. Exposing favicon (even though it doesn't exist) resolves the issue.
2022-05-03 14:08:49 -06:00 · 2022-05-03 14:08:49 -06:00 · 162ee60efb
parent bc3fc6b2e0
commit 162ee60efb
1 changed files with 1 additions and 0 deletions
--- a/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java
+++ b/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java
@ -47,6 +47,7 @@ public class SecurityConfig {
 		// @formatter:off
 		http
 			.authorizeHttpRequests((authorize) -> authorize
+				.antMatchers("/favicon.ico").permitAll()
 				.mvcMatchers("/second-factor", "/third-factor").access(mfaAuthorizationManager)
 				.anyRequest().authenticated()
 			)