Posted to commits@cxf.apache.org by co...@apache.org on 2017/10/19 14:49:13 UTC
[cxf-fediz] branch 1.4.x-fixes updated: Adding CSRF part for the
login form
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
The following commit(s) were added to refs/heads/1.4.x-fixes by this push:
new e9a7cc1 Adding CSRF part for the login form
e9a7cc1 is described below
commit e9a7cc17d4291f71a03246c4bd94b014b5829d11
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Oct 19 15:20:59 2017 +0100
Adding CSRF part for the login form
---
services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml b/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml
index f916dc2..e655065 100644
--- a/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml
+++ b/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml
@@ -40,7 +40,8 @@
<!-- HTTP/BA entry point for WS-Federation -->
<security:http pattern="/federation/up/**" use-expressions="true">
- <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" />
+ <security:csrf />
+ <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" />
<security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
<security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
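Review bot: The new `<security:csrf />` carries no comment, and it covers every non-safe request under `/federation/up/**`, not only the login form POST. Any other POST that legitimately reaches this entry point (for example a sign-in request posted by a relying party, if that is supported here) would be rejected unless it carries the token. I would add a comment above the element, such as `<!-- CSRF token required on all non-GET requests under /federation/up/**; the login form must submit the _csrf parameter -->`. Since the diffstat shows only this config file changed, please also confirm that the login view renders the hidden `_csrf` field, and add a regression test asserting that a login POST without the token is refused. The `security:http` element continues past the end of this hunk, and the other entry points in the file are not visible here, so whether they need the same protection should be checked separately.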