Expected Behavior
I can configure a custom CookieCsrfTokenRepository and use it in the spa()-configurationMethod:
CookieCsrfTokenRepository customCookieRepo = CookieCsrfTokenRepository.withHttpOnlyFalse();
customCookieRepo .setCookieName( customCookieName );
customCookieRepo .setHeaderName( customHeaderName );
http.csrf(csrf -> csrf.spa( customCookieRepo ));
Goal: to have a little more convenience and a more intuitive configuration.
Current Behavior
http.csrf(csrf -> csrf.spa());
was introduced with the new version - short and elegant, but it lacks the possibility to configure the CookieCsrfTokenRepository with a custom cookieName etc.,
Context
I need to configure a custom cookieName (our reverse proxy in the infrastructure requires each application to use a unique cookieName), which made me -after some investigation - add an additional line:
http.csrf(csrf -> csrf.spa());
csrf.csrfTokenRepository( customCookieRepo ))
I am not sure, if this was the intended solution for this case ?
Of course, that’s not a big problem, but it’s not very pretty either, and in my opinion, it’s certainly not intuitive.
The biggest issue here is that it’s not intuitive, and it takes time to understand how spa() works and how you can still set the CsrfTokenRepository.
Expected Behavior
I can configure a custom CookieCsrfTokenRepository and use it in the spa()-configurationMethod:
CookieCsrfTokenRepository customCookieRepo = CookieCsrfTokenRepository.withHttpOnlyFalse();customCookieRepo .setCookieName( customCookieName );customCookieRepo .setHeaderName( customHeaderName );http.csrf(csrf -> csrf.spa( customCookieRepo ));Goal: to have a little more convenience and a more intuitive configuration.
Current Behavior
http.csrf(csrf -> csrf.spa());was introduced with the new version - short and elegant, but it lacks the possibility to configure the CookieCsrfTokenRepository with a custom cookieName etc.,
Context
I need to configure a custom cookieName (our reverse proxy in the infrastructure requires each application to use a unique cookieName), which made me -after some investigation - add an additional line:
http.csrf(csrf -> csrf.spa());csrf.csrfTokenRepository( customCookieRepo ))I am not sure, if this was the intended solution for this case ?
Of course, that’s not a big problem, but it’s not very pretty either, and in my opinion, it’s certainly not intuitive.
The biggest issue here is that it’s not intuitive, and it takes time to understand how
spa()works and how you can still set theCsrfTokenRepository.