From 1483a570180b8614353719d5ed23cb761792761a Mon Sep 17 00:00:00 2001
From: Zhivko Delchev
Date: Fri, 13 May 2022 02:24:59 +0300
Subject: [PATCH] Reverse content type check

When MultipartFormData is enabled currently the CsrfWebFilter compares the content-type header against MULTIPART_FORM_DATA MediaType which leads to NullPointerExecption when there is no content-type header. This commit reverse the check to compare the MULTIPART_FORM_DATA MediaType against the content-type which contains null check and avoids the exception. closes gh-11204
---
 .../security/web/server/csrf/CsrfWebFilter.java | 2 +-
 .../security/web/server/csrf/CsrfWebFilterTests.java | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
index 718ccdf41c..241ad767b6 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
@@ -151,7 +151,7 @@ public class CsrfWebFilter implements WebFilter {
 ServerHttpRequest request = exchange.getRequest();
 HttpHeaders headers = request.getHeaders();
 MediaType contentType = headers.getContentType();
- if (!contentType.includes(MediaType.MULTIPART_FORM_DATA)) {
+ if (!MediaType.MULTIPART_FORM_DATA.isCompatibleWith(contentType)) {
 return Mono.empty();
 }
 return exchange.getMultipartData().map((d) -> d.getFirst(expected.getParameterName())).cast(FormFieldPart.class)
diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
index e31c239219..aada7a4b62 100644
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
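Review bot: The null-safety this fix relies on is now carried only by the argument order of `isCompatibleWith`, and nothing at the call site records that, so a later cleanup that swaps receiver and argument back would quietly reintroduce the NullPointerException. Suggest a line comment above the new `if`: `// Keep MULTIPART_FORM_DATA as the receiver: isCompatibleWith(null) is false, so a request without Content-Type returns Mono.empty() instead of throwing`. As far as I can tell from Spring's MimeType semantics, the switch from `includes` to the symmetric `isCompatibleWith` is otherwise behaviour-preserving here (MULTIPART_FORM_DATA has no wildcards, so the reverse direction only adds the exact match), meaning wildcard values such as `multipart/*` still reach `getMultipartData()` exactly as before. The `headers.getContentType()` call on the preceding context line can, if I recall the HttpHeaders contract correctly, still throw on an unparsable Content-Type value; that is pre-existing and not addressed by this commit. The enclosing method starts and ends outside the hunk.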
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java
@@ -189,6 +189,17 @@ public class CsrfWebFilterTests {
 .expectStatus().is2xxSuccessful();
 }
 
+ @Test
+ public void filterWhenPostAndMultipartFormDataEnabledAndNoBodyProvided() {
+ this.csrfFilter.setCsrfTokenRepository(this.repository);
+ this.csrfFilter.setTokenFromMultipartDataEnabled(true);
+ given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
+ given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
+ WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
+ client.post().uri("/").header(this.token.getHeaderName(), this.token.getToken()).exchange().expectStatus()
+ .is2xxSuccessful();
+ }
+
 @Test
 public void filterWhenFormDataAndEnabledThenGranted() {
 this.csrfFilter.setCsrfTokenRepository(this.repository);
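Review bot: The new test only shows that a bodiless POST without Content-Type is no longer rejected with an error while a valid token header is present; it does not pin that the multipart branch is skipped in favour of the normal token check rather than the request being accepted for some other reason. A companion case with `setTokenFromMultipartDataEnabled(true)`, the same bodiless POST and no token header, asserting the denied status the file's other rejection tests use (presumably `expectStatus().isForbidden()`), would lock the fix to the intended fall-through behaviour. The name `filterWhenPostAndMultipartFormDataEnabledAndNoBodyProvided` also stops short of the outcome, whereas the neighbouring method is `filterWhenFormDataAndEnabledThenGranted`; ending it in `...NoBodyProvidedThenGranted` would keep the file's naming pattern. Whether such a denial test already exists elsewhere in the class cannot be seen from this hunk.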