fix(auth): add workaround to get csrf on cookie

informatique-cdc · Jul 30, 2024 · 067d6c4 · 067d6c4
1 parent 11a733e
commit 067d6c4
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/src/main/java/fr/icdc/ebad/config/jwt/JwtConfiguration.java b/src/main/java/fr/icdc/ebad/config/jwt/JwtConfiguration.java
@@ -89,6 +89,7 @@ public SecurityFilterChain configure(HttpSecurity http) throws Exception {
         cookieCsrfTokenRepository.setCookieName("XSRF-TOKEN");
         cookieCsrfTokenRepository.setCookieHttpOnly(false);
         CsrfTokenRequestAttributeHandler requestHandler = new CsrfTokenRequestAttributeHandler();
+        requestHandler.setCsrfRequestAttributeName(null);
 
 
 

diff --git a/src/main/java/fr/icdc/ebad/config/oauth/Oauth2Configuration.java b/src/main/java/fr/icdc/ebad/config/oauth/Oauth2Configuration.java
@@ -45,6 +45,7 @@ public PasswordEncoder passwordEncoder() {
     @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         CsrfTokenRequestAttributeHandler requestHandler = new CsrfTokenRequestAttributeHandler();
+        requestHandler.setCsrfRequestAttributeName(null);
 
         CookieCsrfTokenRepository cookieCsrfTokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse();
         cookieCsrfTokenRepository.setCookiePath("/");