cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [cxf-fediz] branch 1.3.x-fixes updated: Adding CSRF part for the login form
Date Thu, 19 Oct 2017 14:53:27 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 1.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git


The following commit(s) were added to refs/heads/1.3.x-fixes by this push:
     new ff25d3d  Adding CSRF part for the login form
ff25d3d is described below

commit ff25d3d658948835c2ee5c85a3f56ff778a34045
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Thu Oct 19 15:20:59 2017 +0100

    Adding CSRF part for the login form
---
 services/idp/src/main/webapp/WEB-INF/security-config.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/services/idp/src/main/webapp/WEB-INF/security-config.xml b/services/idp/src/main/webapp/WEB-INF/security-config.xml
index d8891e5..87ba841 100644
--- a/services/idp/src/main/webapp/WEB-INF/security-config.xml
+++ b/services/idp/src/main/webapp/WEB-INF/security-config.xml
@@ -92,6 +92,7 @@
     
     <!-- HTTP/BA entry point -->
     <security:http pattern="/federation/up/**" use-expressions="true">
+        <security:csrf />
 		<security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous()
or isAuthenticated()" />
         <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
         <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher"
/>

-- 
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <commits@cxf.apache.org>'].

Mime
View raw message