Inaccurate javadoc text in setRequestHandler method from CsrfWebFilter class

**Expected Behavior**

In version 6.0, the default `ServerCsrfTokenRequestHandler` of the `CsrfWebFilter` class has changed to `XorServerCsrfTokenRequestAttributeHandler` and the javadoc of the `setRequestHandler` method should reflect this change.

**Current Behavior**

The javadoc of the `setRequestHandler` method still says that the default is the `ServerCsrfTokenRequestAttributeHandler`.

Although `XorServerCsrfTokenRequestAttributeHandler` is a subclass of `ServerCsrfTokenRequestAttributeHandler`, the behavior is quite different.

**Context**

[In this line](https://github.com/spring-projects/spring-security/blob/6.0.1/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java#L86), the `requestHandler` is initialized with a `XorServerCsrfTokenRequestAttributeHandler` instance.

And [in this line](https://github.com/spring-projects/spring-security/blob/6.0.1/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java#L107) the javadoc inform the default `ServerCsrfTokenRequestHandler`.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Inaccurate javadoc text in setRequestHandler method from CsrfWebFilter class #12465

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Inaccurate javadoc text in setRequestHandler method from CsrfWebFilter class #12465

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions