Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
spring-security/docs/modules/ROOT/pages/migration/servlet/exploits.adoc
Steve Riesenberg 179428f7da
Add section for migrating WebSocket support 
Issue gh-12378
2023-01-26 15:45:09 -06:00

12 lines
670 B
Plaintext
Raw Blame History

= Exploit Protection Migrations
The following steps relate to how to finish migrating exploit protection support.
== CSRF BREACH with WebSocket support
In Spring Security 5.8, the default `ChannelInterceptor` for making the `CsrfToken` available with xref:servlet/integrations/websocket.adoc[WebSocket Security] is `CsrfChannelInterceptor`.
`XorCsrfChannelInterceptor` was added to allow opting into CSRF BREACH support.
In Spring Security 6, `XorCsrfChannelInterceptor` is the default `ChannelInterceptor` for making the `CsrfToken` available.
If you configured the `XorCsrfChannelInterceptor` only for the purpose of updating to 6.0, you can remove it completely.
Reference in New Issue View Git Blame Copy Permalink