From e3d1761f2946bd2165a2df90082c1e0c8ab91fb2 Mon Sep 17 00:00:00 2001
From: haijian <haijian@vaadin.com>
Date: Thu, 23 Sep 2021 22:49:45 +0300
Subject: [PATCH 1/2] feat: don't ignore endpoint request for Spring csrf check

---
 .../spring/security/VaadinWebSecurityConfigurerAdapter.java     | 2 --
 1 file changed, 2 deletions(-)

diff --git a/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurityConfigurerAdapter.java b/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurityConfigurerAdapter.java
index 2050a77ab..efb2a627b 100644
--- a/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurityConfigurerAdapter.java
+++ b/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinWebSecurityConfigurerAdapter.java
@@ -89,8 +89,6 @@ protected void configure(HttpSecurity http) throws Exception {
         // Spring CSRF is not compatible with Vaadin internal requests
         http.csrf().ignoringRequestMatchers(
                 requestUtil::isFrameworkInternalRequest);
-        // nor with endpoints
-        http.csrf().ignoringRequestMatchers(requestUtil::isEndpointRequest);
 
         // Ensure automated requests to e.g. closing push channels, service
         // workers,

From 588df0f92b839958021574f22c52696be202b692 Mon Sep 17 00:00:00 2001
From: Anton Platonov <platosha@gmail.com>
Date: Fri, 8 Oct 2021 13:50:34 +0300
Subject: [PATCH 2/2] Fix: await for logout in IT test application

---
 .../test-spring-security-fusion/frontend/views/main-view.ts   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vaadin-spring-tests/test-spring-security-fusion/frontend/views/main-view.ts b/vaadin-spring-tests/test-spring-security-fusion/frontend/views/main-view.ts
index 32d7072f8..8122e9ca5 100644
--- a/vaadin-spring-tests/test-spring-security-fusion/frontend/views/main-view.ts
+++ b/vaadin-spring-tests/test-spring-security-fusion/frontend/views/main-view.ts
@@ -75,8 +75,8 @@ export class MainView extends Layout {
     `;
   }
 
-  private logout() {
-    logout();
+  private async logout() {
+    await logout();
     Router.go(router.urlForName('public'));
   }
   private getMenuRoutes(): RouteInfo[] {