Reimplement CSRF feature as ServerRequestFilter with form read #29977
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #29763.
This PR restores the previous CSRF feature ServerRequestFilter implementation and adds
@WithFormRead
, adds a test confirming the filter is effective if noFormParam
is available in the method signature.@geoand Even though the CSRF feature just can't settle on one concrete implementation, the good news is that the enhancement you added to support the config injection to
ServerRestHandler
and a neat fix to handleSecureRandom
in native image inServerRestHandler
would be of help to other users for sure, and who knows, maybe CSRF feature will becomeServerRestHandler
again :-)