Add section for migrating WebSocket support

Issue gh-12378
3 years ago · 179428f7da
2 changed files with 12 additions and 0 deletions
--- a/docs/modules/ROOT/nav.adoc
+++ b/docs/modules/ROOT/nav.adoc
@ -5,6 +5,7 @@
				@@ -5,6 +5,7 @@
 * xref:migration/index.adoc[Migrating to 6.0]
 ** xref:migration/servlet/index.adoc[Servlet Migrations]
 *** xref:migration/servlet/session-management.adoc[Session Management]
+*** xref:migration/servlet/exploits.adoc[Exploit Protection]
 *** xref:migration/servlet/authentication.adoc[Authentication]
 *** xref:migration/servlet/authorization.adoc[Authorization]
 ** xref:migration/reactive.adoc[Reactive Migrations]
--- a/docs/modules/ROOT/pages/migration/servlet/exploits.adoc
+++ b/docs/modules/ROOT/pages/migration/servlet/exploits.adoc
@ -0,0 +1,11 @@
				@@ -0,0 +1,11 @@
+= Exploit Protection Migrations
+
+The following steps relate to how to finish migrating exploit protection support.
+
+== CSRF BREACH with WebSocket support
+
+In Spring Security 5.8, the default `ChannelInterceptor` for making the `CsrfToken` available with xref:servlet/integrations/websocket.adoc[WebSocket Security] is `CsrfChannelInterceptor`.
+`XorCsrfChannelInterceptor` was added to allow opting into CSRF BREACH support.
+
+In Spring Security 6, `XorCsrfChannelInterceptor` is the default `ChannelInterceptor` for making the `CsrfToken` available.
+If you configured the `XorCsrfChannelInterceptor` only for the purpose of updating to 6.0, you can remove it completely.