tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [tomcat] 04/06: Allow customization of the CSRF prevention filter's request parameter name.
Date Wed, 20 Nov 2019 20:21:39 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Konstantin,

On 11/20/19 14:33, Konstantin Kolinko wrote:
> ср, 20 нояб. 2019 г. в 22:20, <schultz@apache.org>:
>> 
>> This is an automated email from the ASF dual-hosted git
>> repository.
>> 
>> schultz pushed a commit to branch 8.5.x in repository
>> https://gitbox.apache.org/repos/asf/tomcat.git
>> 
>> View the commit online: 
>> https://github.com/apache/tomcat/commit/856a2e2482fde9e8c8d0535942a70
c2ddfc8d676
>>
>>
>> 
commit 856a2e2482fde9e8c8d0535942a70c2ddfc8d676
>> Author: Christopher Schultz <chris@christopherschultz.net> 
>> AuthorDate: Tue Nov 19 12:54:45 2019 -0500
>> 
>> Allow customization of the CSRF prevention filter's request
>> parameter name. --- 
>> .../catalina/filters/CsrfPreventionFilter.java     | 24
>> +++++++++++++++++----- webapps/docs/changelog.xml
>> |  5 +++-- 2 files changed, 22 insertions(+), 7 deletions(-)
>> 
>> diff --git
>> a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
>> b/java/org/apache/catalina/filters/CsrfPreventionFilter.java 
>> index cd1b576..fe4399f 100644 ---
>> a/java/org/apache/catalina/filters/CsrfPreventionFilter.java +++
>> b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> 
> [...]
> 
>> -        public CsrfResponseWrapper(HttpServletResponse response,
>> String nonce) { +        public
>> CsrfResponseWrapper(HttpServletResponse response, String
>> nonceRequestParameterName, String nonce) { super(response); +
>> this.nonceRequestParameterName = nonceRequestParameterName; 
>> this.nonce = nonce; }
> 
> Tests need to be adjusted, as they use the constructor above. See
> remm's commit on master for a fix, 
> https://github.com/apache/tomcat/commit/9d7cb5468fbf2df4709c222b472bd8
6a26c9d4b6

ACK

Thanks
> 
for the review, again.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3VoFMACgkQHPApP6U8
pFgEPQ/9HleVKzMeN9X5kMwm23iCxdij4DGk+nKyNLNMKgdej5fdvnAL+i8ZqqdL
Zez4C7JL2Aq2qgT3qkI3sMZUNpMNvPerZ/Xo1brUCzrEuW1u6uorvGuTbi5zOXQp
GglEIOwZPMtfjx8+JKZCZAkoyjxb6UzK1nr+WNn7TLkjmsKZ+q9vxEIx21QSWdry
hrBPbxiLAUM8GpBoeHSMKJE3kVhsEOCGDCBwjtpCdTPM5rIhXRIqHs03ATYgp3xj
DhVy7vS0YrrqadKbuPyyWEdEatCVdE+ZDr183QFmbL8ICcDnm0pBhAoOuaj7vA1W
4AAPzH+NraFn+zujMyw8BeA9MAy2XibsMx6CvggejdU8S5pHHKaK773/+cr3rZK3
okIChgwEAC4LeMBYQzXs9NhtsJ0JZ4rlV5asg9RamvMm21JjM1CRky+ljPo27Dzm
aALwJerEwuJSHoBsj8KDtvO+bQeG9D3mLyv+6QboxjX+sipop/JjQwo90meCsE+S
5CwBmwetfhmwq4glj5w1A4eM1PBXgnOdQ/94kLzPnnb5bzdRBlS4zvEBQ2LfheMC
zRq22VavTTeaQ19sbHlbo4dpx8xO6+z9vXe5SIb+LyXZZJRUYUUzuZ/eCpBE/9/y
fdrOZ/sJoQvJWT4cobZhfuItgPgMdebDCk9RYvndssacJ4cGvj4=
=m93x
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message