Allow maximum age of csrf cookie to be configured #9196
Conversation
spring-projects-issues
added
the
status: waiting-for-triage
Allows maxAge of the generated cookie by CookieCsrfTokenRepository to be configurable. Prior to this commit, maximum age was set with a value of -1. After this commit, it will be configured by the user with an either positive or negative value. If the user does not provide a value, it will be set -1. An IllegalArgumentException will be thrown when this value is set to zero. Closes spring-projectsgh-9195
web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
Outdated
Show resolved
Hide resolved
|
The automated build fails because of a dependency error from spring maven repository. How can we solve that? |
Changes assertion message format from 'X is not null' to 'X cannot be null' since this is more meaningful when the error occurs and the message is printed in the logs. Closes spring-projectsgh-9195
|
Sorry for the issue you experienced with the build, @sedran - it was due to an infrastructural change with Spring's Maven repositories. If you rebase, then the error should be addressed. |
I have amend/force-pushed my branch to trigger auto build as soon as I see the CI status of the project is green. Is there anything I can do for this PR to be merged? Please let me know. Thanks. |
jzheaux
added
in: web
Allows maxAge of the generated cookie by CookieCsrfTokenRepository
to be configurable.
Prior to this commit, maximum age was set with a value of -1.
After this commit, it will be configured by the user with an either
positive or negative value. If the user does not provide a value,
it will be set -1.
An IllegalArgumentException will be thrown when
this value is set to zero.
Closes gh-9195