Reverse content type check
When MultipartFormData is enabled currently the CsrfWebFilter compares the content-type header against MULTIPART_FORM_DATA MediaType which leads to NullPointerExecption when there is no content-type header. This commit reverse the check to compare the MULTIPART_FORM_DATA MediaType against the content-type which contains null check and avoids the exception. closes gh-11204 Closes gh-11205
This commit is contained in:
parent
e0fa644b08
commit
e97c5a533b
|
@ -151,7 +151,7 @@ public class CsrfWebFilter implements WebFilter {
|
|||
ServerHttpRequest request = exchange.getRequest();
|
||||
HttpHeaders headers = request.getHeaders();
|
||||
MediaType contentType = headers.getContentType();
|
||||
if (!contentType.includes(MediaType.MULTIPART_FORM_DATA)) {
|
||||
if (!MediaType.MULTIPART_FORM_DATA.isCompatibleWith(contentType)) {
|
||||
return Mono.empty();
|
||||
}
|
||||
return exchange.getMultipartData().map((d) -> d.getFirst(expected.getParameterName())).cast(FormFieldPart.class)
|
||||
|
|
|
@ -189,6 +189,17 @@ public class CsrfWebFilterTests {
|
|||
.expectStatus().is2xxSuccessful();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterWhenPostAndMultipartFormDataEnabledAndNoBodyProvided() {
|
||||
this.csrfFilter.setCsrfTokenRepository(this.repository);
|
||||
this.csrfFilter.setTokenFromMultipartDataEnabled(true);
|
||||
given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
|
||||
given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
|
||||
WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
|
||||
client.post().uri("/").header(this.token.getHeaderName(), this.token.getToken()).exchange().expectStatus()
|
||||
.is2xxSuccessful();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterWhenFormDataAndEnabledThenGranted() {
|
||||
this.csrfFilter.setCsrfTokenRepository(this.repository);
|
||||
|
|
Loading…
Reference in New Issue