Skip to content

Commit

Permalink
configurable option for csrf
Browse files Browse the repository at this point in the history
  • Loading branch information
@1azyman
1azyman committed Nov 9, 2017
1 parent 12297e7 commit cbdf8ad
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/WebSecurityConfig.java
View file
Expand Up @@ -49,6 +49,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AuthenticationProvider authenticationProvider;

@Value("${security.enable-csrf:true}")
private boolean csrfEnabled;
@Value("${auth.logout.url}")
private String authLogoutUrl;

Expand Down Expand Up @@ -118,6 +120,10 @@ protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling()
.authenticationEntryPoint(wicketAuthenticationEntryPoint());

if (!csrfEnabled) {
http.csrf().disable();
}

http.headers().disable();
}

Expand Down

0 comments on commit cbdf8ad

Please sign in to comment.