Make CSRF filter consider either the cookie or the session, but not both #8549

Merged
merged 1 commit into from Aug 4, 2018

gmethvin commented Aug 2, 2018

Fixes #8548.

If configured to use a cookie, the CSRF filter will only check the cookie. If configured to use the Play session, it will only check the session.
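
A stand-alone model of the lookup rule described in the comment above, added here as an example; it is not code from Play or from this pull request. `CsrfConfig`, `Request`, `CsrfLookup` and the cookie name `PLAY_CSRF_TOKEN` are hypothetical, and the two config fields stand in for Play's `play.filters.csrf.cookie.name` and `play.filters.csrf.token.name` settings.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest

// Hypothetical model types (assumptions, not Play's API).
final case class CsrfConfig(tokenName: String = "csrfToken",
                            cookieName: Option[String] = None)
final case class Request(cookies: Map[String, String],
                         session: Map[String, String])

object CsrfLookup {
  // Exactly one store is consulted, chosen by configuration alone:
  // the cookie when a cookie name is configured, otherwise the session.
  def tokenFromRequest(config: CsrfConfig, request: Request): Option[String] =
    config.cookieName match {
      case Some(name) => request.cookies.get(name)
      case None       => request.session.get(config.tokenName)
    }

  // The submitted token is compared (in constant time) only against the
  // token from the configured store; a missing stored token always fails.
  def check(config: CsrfConfig, request: Request, submitted: String): Boolean =
    tokenFromRequest(config, request).exists { stored =>
      MessageDigest.isEqual(stored.getBytes(UTF_8), submitted.getBytes(UTF_8))
    }

  def main(args: Array[String]): Unit = {
    val cookieMode  = CsrfConfig(cookieName = Some("PLAY_CSRF_TOKEN"))
    val sessionMode = CsrfConfig()

    // Constructed requests: each carries a token in only one store.
    val sessionOnly = Request(Map.empty, Map("csrfToken" -> "tok-session"))
    val cookieOnly  = Request(Map("PLAY_CSRF_TOKEN" -> "tok-cookie"), Map.empty)

    // A token in the configured store is accepted.
    assert(check(cookieMode, cookieOnly, "tok-cookie"))
    assert(check(sessionMode, sessionOnly, "tok-session"))

    // A token that exists only in the other store is ignored.
    assert(!check(cookieMode, sessionOnly, "tok-session"))
    assert(!check(sessionMode, cookieOnly, "tok-cookie"))
    println("cookie/session lookup is mutually exclusive")
  }
}
```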

rakeshhny left a comment

Hi @gmethvin

As per the guidelines, when contributing to Playframework, any change we make in Scala should also be made in Java and vice versa.

In this pull request I see a change only in the Scala file.

Can you please also make the change in the respective Java file as well?

Please note that I am new to open source contribution, so kindly accept my apologies if this comment is irrelevant.

Thank you,
Rakesh

@gmethvin gmethvin force-pushed the gmethvin:csrf-cookie-session branch from 8dc7f77 to 55e2d9a Aug 2, 2018

gmethvin commented Aug 2, 2018

@rakeshhny There's only one version of the CSRF filter, for both Java and Scala apps, and this helper is also used by the CSRF Java action annotations. I added a test to CSRFCommonSpecs, which is used to test the Java action helpers as well.

@gmethvin gmethvin merged commit 9ca59df into playframework:master Aug 4, 2018

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
typesafe-cla-validator All users have signed the CLA

@gmethvin gmethvin deleted the gmethvin:csrf-cookie-session branch Aug 4, 2018

gmethvin added a commit that referenced this pull request Aug 4, 2018

gmethvin commented Aug 4, 2018

backported to 2.6.x: 0e67ce5
