New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add configuration for not deployed profile #1345
Conversation
...src/main/java/io/lighty/core/controller/springboot/config/SecurityConfigurationDeployed.java
Outdated
Show resolved
Hide resolved
...src/main/java/io/lighty/core/controller/springboot/config/SecurityConfigurationDeployed.java
Outdated
Show resolved
Hide resolved
@@ -42,5 +44,4 @@ protected SecurityFilterChain auth0FilterChain(HttpSecurity httpSecurity) throws | |||
.disable() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SPRING_CSRF_PROTECTION_DISABLED: Disabling Spring Security's CSRF protection is unsafe for standard web applications
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
Command | Usage |
---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
Help us improve LIFT! (Sonatype LiftBot external survey)
Was this a good recommendation for you? Answering this survey will not impact your Lift settings.
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ignore
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've recorded this as ignored for this pull request.
If you change your mind, just comment @sonatype-lift unignore
.
c685ce7
to
9ea7973
Compare
Enable CSRF and configure it so front end will be able to retrieve CSRF cookie using JavaScript. JIRA: LIGHTY-212 Signed-off-by: Ivan Hrasko <ivan.hrasko@pantheon.tech>
Added changes to disable CSRF when app is not deployed to make fab54d7 work. JIRA: LIGHTY-213 Signed-off-by: tobias.pobocik <tobias.pobocik@pantheon.tech> Signed-off-by: Ivan Hrasko <ivan.hrasko@pantheon.tech>
Added changes to disable CSRF for localhost only
to make fab54d7 work.
JIRA:LIGHTY-213