tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: [tomcat] 04/06: Allow customization of the CSRF prevention filter's request parameter name.
Date Wed, 20 Nov 2019 19:33:48 GMT
ср, 20 нояб. 2019 г. в 22:20, <schultz@apache.org>:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> schultz pushed a commit to branch 8.5.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
> View the commit online:
> https://github.com/apache/tomcat/commit/856a2e2482fde9e8c8d0535942a70c2ddfc8d676
>
> commit 856a2e2482fde9e8c8d0535942a70c2ddfc8d676
> Author: Christopher Schultz <chris@christopherschultz.net>
> AuthorDate: Tue Nov 19 12:54:45 2019 -0500
>
>     Allow customization of the CSRF prevention filter's request parameter name.
> ---
>  .../catalina/filters/CsrfPreventionFilter.java     | 24 +++++++++++++++++-----
>  webapps/docs/changelog.xml                         |  5 +++--
>  2 files changed, 22 insertions(+), 7 deletions(-)
>
> diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> index cd1b576..fe4399f 100644
> --- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> +++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java

[...]

> -        public CsrfResponseWrapper(HttpServletResponse response, String nonce) {
> +        public CsrfResponseWrapper(HttpServletResponse response, String nonceRequestParameterName,
String nonce) {
>              super(response);
> +            this.nonceRequestParameterName = nonceRequestParameterName;
>              this.nonce = nonce;
>          }

Tests need to be adjusted, as they use the constructor above.
See remm's commit on master for a fix,
https://github.com/apache/tomcat/commit/9d7cb5468fbf2df4709c222b472bd86a26c9d4b6

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message