Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix reference to CookieServerCsrfTokenRepository 

Issue gh-11959
This commit is contained in:
Steve Riesenberg 2022-11-19 23:12:59 -06:00
parent 4442a618ea
commit 3d2be56249
No known key found for this signature in database
GPG Key ID: 5F311AB48A55D521
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/modules/ROOT/pages/migration/reactive.adoc
View File

@ -126,7 +126,7 @@ If configuring CSRF BREACH protection gives you trouble, take a look at these sc
==== I am using AngularJS or another Javascript framework
If you are using AngularJS and the https://angular.io/api/common/http/HttpClientXsrfModule[HttpClientXsrfModule] (or a similar module in another framework) along with `CookieCsrfTokenRepository.withHttpOnlyFalse()`, you may find that automatic support no longer works.
If you are using AngularJS and the https://angular.io/api/common/http/HttpClientXsrfModule[HttpClientXsrfModule] (or a similar module in another framework) along with `CookieServerCsrfTokenRepository.withHttpOnlyFalse()`, you may find that automatic support no longer works.
In this case, you can configure Spring Security to validate the raw `CsrfToken` from the cookie while keeping CSRF BREACH protection of the response using a custom `ServerCsrfTokenRequestHandler` with delegation, like so: