spring-security

History

Rob Winch 5b64526ba9 Add CsrfFilter.csrfRequestAttributeName Previously the CsrfToken was set on the request attribute with the name equal to CsrfToken.getParameterName(). This didn't really make a lot of sense because the CsrfToken.getParameterName() is intended to be used as the HTTP parameter that the CSRF token was provided. What's more is it meant that the CsrfToken needed to be read for every request to place it as an HttpServletRequestAttribute. This causes unnecessary HttpSession access which can decrease performance for applications. This commit allows setting CsrfFilter.csrfReqeustAttributeName to remove the dual purposing of CsrfToken.parameterName and to allow deferal of reading the CsrfToken to prevent unnecessary HttpSession access. Issue gh-11699	2022-08-15 17:07:02 -05:00
..
src	Add CsrfFilter.csrfRequestAttributeName	2022-08-15 17:07:02 -05:00
spring-security-web.gradle	Remove dependency on commons-codec by using java.util.Base64	2022-06-09 06:50:01 -06:00

Rob Winch 5b64526ba9 Add CsrfFilter.csrfRequestAttributeName

Previously the CsrfToken was set on the request attribute with the name
equal to CsrfToken.getParameterName(). This didn't really make a lot of
sense because the CsrfToken.getParameterName() is intended to be used as
the HTTP parameter that the CSRF token was provided. What's more is it
meant that the CsrfToken needed to be read for every request to place it
as an HttpServletRequestAttribute. This causes unnecessary HttpSession
access which can decrease performance for applications.

This commit allows setting CsrfFilter.csrfReqeustAttributeName to
remove the dual purposing of CsrfToken.parameterName and to allow deferal
of reading the CsrfToken to prevent unnecessary HttpSession access.

Issue gh-11699

2022-08-15 17:07:02 -05:00

src

Add CsrfFilter.csrfRequestAttributeName

2022-08-15 17:07:02 -05:00

spring-security-web.gradle

Remove dependency on commons-codec by using java.util.Base64

2022-06-09 06:50:01 -06:00