GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fix reference to CookieServerCsrfTokenRepository 

Issue gh-11959
pull/12266/head
Steve Riesenberg 3 years ago
parent
4442a618ea
commit
3d2be56249
No known key found for this signature in database
GPG Key ID: 5F311AB48A55D521
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      docs/modules/ROOT/pages/migration/reactive.adoc

2
docs/modules/ROOT/pages/migration/reactive.adoc
Unescape View File

@ -126,7 +126,7 @@ If configuring CSRF BREACH protection gives you trouble, take a look at these sc @@ -126,7 +126,7 @@ If configuring CSRF BREACH protection gives you trouble, take a look at these sc
==== I am using AngularJS or another Javascript framework
If you are using AngularJS and the https://angular.io/api/common/http/HttpClientXsrfModule[HttpClientXsrfModule] (or a similar module in another framework) along with `CookieCsrfTokenRepository.withHttpOnlyFalse()`, you may find that automatic support no longer works.
If you are using AngularJS and the https://angular.io/api/common/http/HttpClientXsrfModule[HttpClientXsrfModule] (or a similar module in another framework) along with `CookieServerCsrfTokenRepository.withHttpOnlyFalse()`, you may find that automatic support no longer works.
In this case, you can configure Spring Security to validate the raw `CsrfToken` from the cookie while keeping CSRF BREACH protection of the response using a custom `ServerCsrfTokenRequestHandler` with delegation, like so:

Write Preview
Loading…
Cancel
Save