Default to Xor CSRF protection · Issue #11960 · spring-projects/spring-security · GitHub

Default to Xor CSRF protection #11960

Closed

Assignees

Labels

in: webtype: breaks-passivity

Milestone

opened

We should default to Xor CSRF tokens in 6.0:

Use XorCsrfTokenRequestAttributeHandler in CsrfFilter
Use XorServerCsrfTokenRequestAttributeHandler in CsrfWebFilter

Related gh-4001

Metadata

Assignees

sjohnr

Labels

in: webtype: breaks-passivity

Type

No type

Projects

No projects

Milestone

6.0.0-RC1

Relationships

None yet

Development

No branches or pull requests