Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add configuration for not deployed profile #1345

Merged
merged 2 commits into from Apr 24, 2023
Merged

Add configuration for not deployed profile #1345

merged 2 commits into from Apr 24, 2023

Conversation

Tobianas
Copy link
Contributor

@Tobianas Tobianas commented Apr 14, 2023
edited

Added changes to disable CSRF for localhost only
to make fab54d7 work.

JIRA:LIGHTY-213

@Tobianas Tobianas mentioned this pull request Apr 14, 2023
Closed
sonatype-lift[bot]
sonatype-lift bot reviewed Apr 14, 2023
View reviewed changes
.../main/java/io/lighty/core/controller/springboot/config/SecurityConfigurationNotDeployed.java
@@ -42,5 +44,4 @@ protected SecurityFilterChain auth0FilterChain(HttpSecurity httpSecurity) throws
.disable()
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

0% of developers fix this issue

SPRING_CSRF_PROTECTION_DISABLED: Disabling Spring Security's CSRF protection is unsafe for standard web applications

ℹ️ Expand to see all @sonatype-lift commands

You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.

Command Usage
@sonatype-lift ignore Leave out the above finding from this PR
@sonatype-lift ignoreall Leave out all the existing findings from this PR
@sonatype-lift exclude <file|issue|path|tool> Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file

Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.

Help us improve LIFT! (Sonatype LiftBot external survey)

Was this a good recommendation for you? Answering this survey will not impact your Lift settings.

[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ignore

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've recorded this as ignored for this pull request.
If you change your mind, just comment @sonatype-lift unignore.

@ihrasko ihrasko self-requested a review April 24, 2023 06:49
ihrasko and others added 2 commits April 24, 2023 08:53
@ihrasko
Enable CSRF
187ace3 
Enable CSRF and configure it so front end will be able to retrieve CSRF
cookie using JavaScript.

JIRA: LIGHTY-212
Signed-off-by: Ivan Hrasko <ivan.hrasko@pantheon.tech>
@Tobianas @ihrasko
Add configuration for not deployed profile
b90a581 
Added changes to disable CSRF when app is not deployed
to make fab54d7 work.

JIRA: LIGHTY-213
Signed-off-by: tobias.pobocik <tobias.pobocik@pantheon.tech>
Signed-off-by: Ivan Hrasko <ivan.hrasko@pantheon.tech>
@ihrasko ihrasko merged commit 3a16951 into PANTHEONtech:main Apr 24, 2023
7 checks passed
@Tobianas Tobianas deleted the configure-csrf branch April 30, 2024 08:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sonatype-lift sonatype-lift[bot] sonatype-lift left review comments

@ihrasko ihrasko ihrasko approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Tobianas @ihrasko