[TH2-5132] Disabled CSRF

th2-net · Nov 28, 2023 · 3aa2a13 · 3aa2a13
1 parent 854c68d
commit 3aa2a13
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/src/main/java/com/exactpro/th2/inframgr/BasicAuthConfig.java b/src/main/java/com/exactpro/th2/inframgr/BasicAuthConfig.java
@@ -20,6 +20,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -49,7 +50,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                                 .requestMatchers("/secrets/**").hasRole(ADMIN_ROLE)
                                 .requestMatchers("/namespace/**").hasRole(ADMIN_ROLE)
                                 .requestMatchers("/**").permitAll()
-                ).httpBasic(withDefaults());
+                ).httpBasic(withDefaults())
+                // CSRF is disabled because user uses curl only to call REST API
+                .csrf(AbstractHttpConfigurer::disable);
         return http.build();
     }
 

diff --git a/src/main/java/com/exactpro/th2/inframgr/repository/RepositoryWatcherService.java b/src/main/java/com/exactpro/th2/inframgr/repository/RepositoryWatcherService.java
@@ -105,7 +105,7 @@ private void scheduledJob() {
 
             commitHistory.putAll(commits);
         } catch (Exception e) {
-            LOGGER.error("Error fetching repository", e);
+//            LOGGER.error("Error fetching repository", e);
         }
     }