Remove Servlet Spec 2.5 and 3.0 Support for CSRF #6262

Closed
jzheaux opened this issue Dec 7, 2018 · 0 comments · Fixed by #6278
Labels: in: web (An issue in web modules (web, webmvc)), type: enhancement (A general enhancement)

jzheaux commented Dec 7, 2018

Related to #6220

The CookieCsrfTokenRepository attempts to use the setHttpOnly method only if that method is available in javax.servlet.http.Cookie.

Since Spring Framework 5.0 has a Servlet Spec baseline of 3.1, this check is no longer necessary.

We should always use the setHttpOnly method and remove any corresponding Servlet 2.5 or 3.0 tests.

jzheaux added the in: web (An issue in web modules (web, webmvc)) and type: enhancement (A general enhancement) labels Dec 7, 2018
jzheaux added this to the 5.2.0.M1 milestone Dec 7, 2018
jzheaux changed the title from "Remove Servlet Spec 2.5 Support for CSRF" to "Remove Servlet Spec 2.5 and 3.0 Support for CSRF" Dec 7, 2018
dongmyo added a commit to dongmyo/spring-security-1 that referenced this issue Dec 14, 2018
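
The pattern this issue describes, as an added illustration that is not Spring Security's code: a reflective check for `setHttpOnly` beside the direct call that a Servlet 3.1 baseline allows. The two cookie classes are constructed stand-ins for `javax.servlet.http.Cookie` under Servlet 2.5 and 3.0+, and every class, method and cookie name here is hypothetical.

```java
import java.lang.reflect.Method;

public class HttpOnlyDetectionDemo {

    // Constructed stand-in for a Servlet 2.5 cookie: no setHttpOnly method exists.
    public static class Servlet25Cookie {
        final String name, value;
        public Servlet25Cookie(String name, String value) { this.name = name; this.value = value; }
    }

    // Constructed stand-in for a Servlet 3.0+ cookie: setHttpOnly is part of the API.
    public static class Servlet3Cookie extends Servlet25Cookie {
        private boolean httpOnly;
        public Servlet3Cookie(String name, String value) { super(name, value); }
        public void setHttpOnly(boolean httpOnly) { this.httpOnly = httpOnly; }
        public boolean isHttpOnly() { return httpOnly; }
    }

    // "Before": look the method up reflectively and skip it when absent.
    // Returns whether the flag was applied; false is a silent downgrade,
    // because the cookie is still issued, just without HttpOnly.
    static boolean setHttpOnlyIfAvailable(Object cookie) throws ReflectiveOperationException {
        Method setter;
        try {
            setter = cookie.getClass().getMethod("setHttpOnly", boolean.class);
        } catch (NoSuchMethodException e) {
            return false;
        }
        setter.invoke(cookie, true);
        return true;
    }

    // "After": with a baseline that guarantees the method, call it directly.
    // A missing method would surface as a compile or link error, not an unflagged cookie.
    static void setHttpOnly(Servlet3Cookie cookie) {
        cookie.setHttpOnly(true);
    }

    public static void main(String[] args) throws Exception {
        // Cookie name and value are constructed sample data.
        Servlet25Cookie legacy = new Servlet25Cookie("CSRF-DEMO", "constructed-value");
        Servlet3Cookie current = new Servlet3Cookie("CSRF-DEMO", "constructed-value");
        System.out.println("2.5 cookie flagged:  " + setHttpOnlyIfAvailable(legacy));
        System.out.println("3.0+ cookie flagged: " + setHttpOnlyIfAvailable(current));
        Servlet3Cookie direct = new Servlet3Cookie("CSRF-DEMO", "constructed-value");
        setHttpOnly(direct);
        System.out.println("direct call flagged: " + direct.isHttpOnly());
    }
}
```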