Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes for the CSRF filter #1737

Merged
merged 1 commit into from
Oct 3, 2013
Merged

Fixes for the CSRF filter #1737

merged 1 commit into from
Oct 3, 2013

Commits on Oct 1, 2013

  1. Fixes for the CSRF filter 

    * Fixes playframework#1734, custom token generator feature reinstatement
* Fixes playframework#1728, ensured CSRFFilter can be instantiated without a running
  application
* Added a csrf.sign.tokens conifguration option to switch between
  default CSRF token providers, either signed or unsigned.
* Abstracted tests so they can be run on many different permutations of
  configuration
* Added documentation about all the different configuration options

This commit breaks binary compatibility, the CSRFFilter constructor
parameters are now not lazy, and CSRFFilter is no longer a case class,
so many of the methods it used to provide are no longer there.  This was
deemed necessary because the intended use of CSRFFilter, ie:

    object Global extends WithFilters(CSRFFilter()) with GlobalSettings

was not possible with the old constructor.  The constructor is however
still source compatible for most use cases.

Since that constructor is intentionally breaking binary compatibility,
new parameters that were added for custom token generation and
configuration signing were added without consideration for binary
compatibility, only source compatibility.
    @jroper
    jroper committed Oct 1, 2013
    Configuration menu
    Copy the full SHA
    8609d12 View commit details
    Browse the repository at this point in the history