Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 13:23:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix reference to CookieServerCsrfTokenRepository

Browse Source 
Issue gh-11959
This commit is contained in:
Steve Riesenberg
2022-11-19 23:12:59 -06:00
parent 4442a618ea
commit 3d2be56249
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/modules/ROOT/pages/migration/reactive.adoc
+1 -1
View File
@@ -126,7 +126,7 @@ If configuring CSRF BREACH protection gives you trouble, take a look at these sc
==== I am using AngularJS or another Javascript framework
If you are using AngularJS and the https://angular.io/api/common/http/HttpClientXsrfModule[HttpClientXsrfModule] (or a similar module in another framework) along with `CookieCsrfTokenRepository.withHttpOnlyFalse()`, you may find that automatic support no longer works.
If you are using AngularJS and the https://angular.io/api/common/http/HttpClientXsrfModule[HttpClientXsrfModule] (or a similar module in another framework) along with `CookieServerCsrfTokenRepository.withHttpOnlyFalse()`, you may find that automatic support no longer works.
In this case, you can configure Spring Security to validate the raw `CsrfToken` from the cookie while keeping CSRF BREACH protection of the response using a custom `ServerCsrfTokenRequestHandler` with delegation, like so: