Add cookiePath to CookieCsrfTokenRepository #4062
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When using Spring Security to secure a REST API and a JS frontend I run the REST API using Tomcat and the frontend using NPM. Both tomcat and NPM are exposed via an NGINX reverse proxy which forwards / to NPM and /api to tomcat.
I ran into an issue implementing CSRF protection with an AngularJS app in which making a request to tomcat at /api the CSRF cookie's path would be set to /api. In order for Angular to be able to see the cookie the path needs to be set to /. This pull request would allow for the CSRF cookie's path to be set explicitly instead of being derived from the request context and would only set the path if the developer explicitly wanted to otherwise it will default to using the request context.