Add xsrf token header if cookie is present (#9471) #10953
Conversation
|
|
tepi
force-pushed
the
issue_9471
branch
2 times, most recently
from
59a3981
to
778e751
Compare
|
Review status: 0 of 3 files reviewed at latest revision, all discussions resolved, some commit checks failed. a discussion (no related file): server/src/main/resources/VAADIN/vaadinBootstrap.js, line 39 at r2 (raw file):
extra spaces server/src/main/resources/VAADIN/vaadinBootstrap.js, line 203 at r2 (raw file):
extra spaces Comments from Reviewable |
|
Review status: 0 of 3 files reviewed at latest revision, 3 unresolved discussions, some commit checks failed. a discussion (no related file): Previously, elmot (Ilia Motornyi) wrote…
This change does nothing to application security as-is. It just checks for the value in the cookie and adds it to the custom header. This enables use cases where the server is adding this cookie and expects the header to be present in all requests. Comments from Reviewable |
|
Review status: 0 of 3 files reviewed at latest revision, 3 unresolved discussions, some commit checks failed. server/src/main/resources/VAADIN/vaadinBootstrap.js, line 39 at r2 (raw file): Previously, elmot (Ilia Motornyi) wrote…
I run both, it did no changes to this file (or the other one you commented on). What exactly is wrong? Comments from Reviewable |
|
Review status: 0 of 3 files reviewed at latest revision, 3 unresolved discussions. server/src/main/resources/VAADIN/vaadinBootstrap.js, line 39 at r2 (raw file): Previously, tepi (Teppo Kurki) wrote…
Never mind, found the issue and fixed. server/src/main/resources/VAADIN/vaadinBootstrap.js, line 203 at r2 (raw file): Previously, elmot (Ilia Motornyi) wrote…
Never mind, found the issue and fixed. Comments from Reviewable |
|
Closed in favor of #11034 |
Adds custom X-XSRF-TOKEN header to requests, if XSRF-TOKEN cookie is set
Fixes #9471
Check when you have completed
[ ] Valid tests for the pull request
[x] Contributing guidelines implemented
This change is