From dev-return-203587-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org  Wed Nov 20 19:34:13 2019
Return-Path: <dev-return-203587-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [207.244.88.153])
	by mx-eu-01.ponee.io (Postfix) with SMTP id 7FDE81804BB
	for <archive-asf-public@cust-asf.ponee.io>; Wed, 20 Nov 2019 20:34:13 +0100 (CET)
Received: (qmail 51871 invoked by uid 500); 20 Nov 2019 19:34:10 -0000
Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@tomcat.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@tomcat.apache.org>
List-Post: <mailto:dev@tomcat.apache.org>
List-Id: <dev.tomcat.apache.org>
Reply-To: "Tomcat Developers List" <dev@tomcat.apache.org>
Delivered-To: mailing list dev@tomcat.apache.org
Received: (qmail 51815 invoked by uid 99); 20 Nov 2019 19:34:10 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Nov 2019 19:34:10 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id E3F391A4304
	for <dev@tomcat.apache.org>; Wed, 20 Nov 2019 19:34:09 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -0.2
X-Spam-Level:
X-Spam-Status: No, score=-0.2 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001,
	RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
	URIBL_BLOCKED=0.001] autolearn=disabled
Authentication-Results: spamd2-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-ec2-va.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024)
	with ESMTP id l7uQ1pmgkRXV for <dev@tomcat.apache.org>;
	Wed, 20 Nov 2019 19:34:07 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.167.41; helo=mail-lf1-f41.google.com; envelope-from=knst.kolinko@gmail.com; receiver=<UNKNOWN> 
Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41])
	by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id E76EBBC560
	for <dev@tomcat.apache.org>; Wed, 20 Nov 2019 19:34:06 +0000 (UTC)
Received: by mail-lf1-f41.google.com with SMTP id a17so459585lfi.13
        for <dev@tomcat.apache.org>; Wed, 20 Nov 2019 11:34:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :content-transfer-encoding;
        bh=s/xnpSJaFIh0wrM1dJTJDGUCPrR7cEb1IzjIRNJ1laI=;
        b=hiULwyjNTZf8K5FXcUj0CTX2IDv9CUy5ZDPFBKgsJvLHz2bnEorUYKp/HcFxAm60j+
         UJ9cBvJoiKBargUB82nOsygCtNTu6wYRNIW3strD+QWc2GBg2AUQZ9dvUdCoOptun9dz
         baiDUGDHk7+wy3y09ZxLZ45QQ2i8WVg2QuGwe5UxCjL6bqfh/im7CRhdLtDIat56FwyP
         i7iF9jZ4wTcdfDK+myAEXbnytQxyecqQODjlj+Blwaba0XODn1Es6j2XIfai8nsXgBXB
         GsuwREEUBkUe8Rgm9pHeQEiZ4859R7a9cKitr+iW4vt2JCe7M7QJrwkgYd+mx0z+X897
         KE8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:content-transfer-encoding;
        bh=s/xnpSJaFIh0wrM1dJTJDGUCPrR7cEb1IzjIRNJ1laI=;
        b=qUJHRw1yt1ashHjrlocf0FswPZUANFqsXohTAxXl68nsVeG1hqqo/E6EeAjl8a/edp
         uGVezK7W56F/eRGihtleUObc4KGK177rXnVPSvUIjPw4Av2nYT4qjhoWceFBr2enSb0T
         nLrXDXLQzv4GMaI1Q0Pvif3OPBuS/+klg7got5MwC72FASj4jK1O0shyV5vNIjjMsFI8
         cGoSkkX25Ib+naios2hQ//5Llap3WNoUPWploy7gkIz8KtPAaanuccgWybdAyJlh6feT
         jOSua9FdJdKsWZSi157r6WzR+VaDoPkw3+9QItuGiuPjMDlpmrRR9yP9pSEpWbrgRMou
         ZvKg==
X-Gm-Message-State: APjAAAVjKVTmy+cBmLFIGUbEHGdjfjKC5F8B45IAELdH3/3zOP2ooFJG
	wxROhz2sjI4Qkc6GPLTntR5WCOMEQVk5y+NzRLsUsaQr9V4=
X-Google-Smtp-Source: APXvYqx42D8MkuzwUhQnSC59oPvI3fWRay+8pEgQJ226ibeGfSVucOa6n9odVoGGnF6NLJ65VrwUHFWCmHEo7gJ6vgY=
X-Received: by 2002:a05:6512:486:: with SMTP id v6mr4052478lfq.72.1574278439709;
 Wed, 20 Nov 2019 11:33:59 -0800 (PST)
MIME-Version: 1.0
References: <157427762383.6906.4410050993910846756@gitbox.apache.org> <20191120192024.0FE7C8B694@gitbox.apache.org>
In-Reply-To: <20191120192024.0FE7C8B694@gitbox.apache.org>
From: Konstantin Kolinko <knst.kolinko@gmail.com>
Date: Wed, 20 Nov 2019 22:33:48 +0300
Message-ID: <CABzHfV=NYXaSnKjVrPNd7C0+QaRXQ77+7+QmYeJDbKW0k=XwVA@mail.gmail.com>
Subject: Re: [tomcat] 04/06: Allow customization of the CSRF prevention
 filter's request parameter name.
To: Tomcat Developers List <dev@tomcat.apache.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

=D1=81=D1=80, 20 =D0=BD=D0=BE=D1=8F=D0=B1. 2019 =D0=B3. =D0=B2 22:20, <schu=
ltz@apache.org>:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> schultz pushed a commit to branch 8.5.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
> View the commit online:
> https://github.com/apache/tomcat/commit/856a2e2482fde9e8c8d0535942a70c2dd=
fc8d676
>
> commit 856a2e2482fde9e8c8d0535942a70c2ddfc8d676
> Author: Christopher Schultz <chris@christopherschultz.net>
> AuthorDate: Tue Nov 19 12:54:45 2019 -0500
>
>     Allow customization of the CSRF prevention filter's request parameter=
 name.
> ---
>  .../catalina/filters/CsrfPreventionFilter.java     | 24 ++++++++++++++++=
+-----
>  webapps/docs/changelog.xml                         |  5 +++--
>  2 files changed, 22 insertions(+), 7 deletions(-)
>
> diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java b=
/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> index cd1b576..fe4399f 100644
> --- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> +++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java

[...]

> -        public CsrfResponseWrapper(HttpServletResponse response, String =
nonce) {
> +        public CsrfResponseWrapper(HttpServletResponse response, String =
nonceRequestParameterName, String nonce) {
>              super(response);
> +            this.nonceRequestParameterName =3D nonceRequestParameterName=
;
>              this.nonce =3D nonce;
>          }

Tests need to be adjusted, as they use the constructor above.
See remm's commit on master for a fix,
https://github.com/apache/tomcat/commit/9d7cb5468fbf2df4709c222b472bd86a26c=
9d4b6

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org