Skip to content

feat: don't ignore endpoint request for Spring csrf check #908

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 11, 2021
Merged

feat: don't ignore endpoint request for Spring csrf check #908

merged 7 commits into from
Oct 11, 2021

Conversation

@haijian-vaadin
Copy link

@haijian-vaadin haijian-vaadin commented Sep 23, 2021
edited
Loading

@haijian-vaadin haijian-vaadin added the fusion Changes required for fusion label Sep 23, 2021
platosha
platosha reviewed Oct 11, 2021
View reviewed changes
vaadin-spring-tests/test-spring-security-fusion/frontend/views/main-view.ts
private logout() {
logout();
private async logout() {
await logout();
Copy link

@platosha platosha Oct 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Endpoint calls might be rejected for invalid CSRF during the brief period between the logout request and the logout response, which updates the CSRF token. This was causing an error in IT test.

The UI should await until the logout resolves before navigating to the logout success location.

@platosha platosha merged commit c10bbd6 into master Oct 11, 2021
@platosha platosha deleted the haijian/reuse-spring-csrf branch October 11, 2021 09:40
@vaadin-bot
Copy link
Collaborator

vaadin-bot commented Oct 11, 2021

This ticket/PR has been released with platform 22.0.0.alpha7 and is also targeting the upcoming stable 22.0.0 version.

manolo pushed a commit to vaadin/flow that referenced this pull request Feb 8, 2022
@haijian-vaadin @platosha @ZheSun88
feat: don't ignore endpoint request for Spring csrf check
ea7c0a5 
vaadin/spring#908

* feat: don't ignore endpoint request for Spring csrf check

* Fix: await for logout in IT test application

Co-authored-by: Anton Platonov <anton@vaadin.com>
Co-authored-by: Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
Co-authored-by: Anton Platonov <platosha@gmail.com>
manolo pushed a commit to vaadin/flow that referenced this pull request Feb 8, 2022
@haijian-vaadin @platosha @ZheSun88
feat: don't ignore endpoint request for Spring csrf check
386c1c7 
vaadin/spring#908

* feat: don't ignore endpoint request for Spring csrf check

* Fix: await for logout in IT test application

Co-authored-by: Anton Platonov <anton@vaadin.com>
Co-authored-by: Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
Co-authored-by: Anton Platonov <platosha@gmail.com>
platosha added a commit to vaadin/hilla that referenced this pull request May 24, 2022
@haijian-vaadin @platosha @ZheSun88
feat: don't ignore endpoint request for Spring csrf check
8fdf119 
vaadin/spring#908

* feat: don't ignore endpoint request for Spring csrf check

* Fix: await for logout in IT test application

Co-authored-by: Anton Platonov <anton@vaadin.com>
Co-authored-by: Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
Co-authored-by: Anton Platonov <platosha@gmail.com>
platosha added a commit to vaadin/hilla that referenced this pull request May 31, 2022
@haijian-vaadin @platosha @ZheSun88
feat: don't ignore endpoint request for Spring csrf check
8faf5a3 
vaadin/spring#908

* feat: don't ignore endpoint request for Spring csrf check

* Fix: await for logout in IT test application

Co-authored-by: Anton Platonov <anton@vaadin.com>
Co-authored-by: Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
Co-authored-by: Anton Platonov <platosha@gmail.com>
vercel-talented added a commit to vercel-talented/hilla-react that referenced this pull request May 4, 2024
@vercel-talented @platosha @ZheSun88
feat: don't ignore endpoint request for Spring csrf check
64d3e9c 
vaadin/spring#908

* feat: don't ignore endpoint request for Spring csrf check

* Fix: await for logout in IT test application

Co-authored-by: Anton Platonov <anton@vaadin.com>
Co-authored-by: Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
Co-authored-by: Anton Platonov <platosha@gmail.com>
byte-dev-hubs added a commit to byte-dev-hubs/hila-java that referenced this pull request May 12, 2024
@byte-dev-hubs @platosha @ZheSun88
feat: don't ignore endpoint request for Spring csrf check
5154514 
vaadin/spring#908

* feat: don't ignore endpoint request for Spring csrf check

* Fix: await for logout in IT test application

Co-authored-by: Anton Platonov <anton@vaadin.com>
Co-authored-by: Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
Co-authored-by: Anton Platonov <platosha@gmail.com>
AceDev24 pushed a commit to AceDev24/hiliaGround that referenced this pull request Sep 3, 2024
@haijian-vaadin @platosha @ZheSun88
feat: don't ignore endpoint request for Spring csrf check
eb7dadb 
vaadin/spring#908

* feat: don't ignore endpoint request for Spring csrf check

* Fix: await for logout in IT test application

Co-authored-by: Anton Platonov <anton@vaadin.com>
Co-authored-by: Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
Co-authored-by: Anton Platonov <platosha@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@platosha platosha platosha left review comments

+1 more reviewer

@Haprog Haprog Haprog approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

fusion Changes required for fusion prerelease version for platform 22.0.0 Released with Platform 22.0.0.alpha7

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@haijian-vaadin @vaadin-bot @Haprog @platosha @ZheSun88