You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/10/19 14:21:14 UTC
[cxf-fediz] branch master updated: Adding CSRF part for the login
form
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
The following commit(s) were added to refs/heads/master by this push:
new 57f5cbd Adding CSRF part for the login form
57f5cbd is described below
commit 57f5cbd08a033258b2cc94ee6cb838da11479a5d
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Oct 19 15:20:59 2017 +0100
Adding CSRF part for the login form
---
services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml b/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml
index f916dc2..e655065 100644
--- a/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml
+++ b/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml
@@ -40,7 +40,8 @@
<!-- HTTP/BA entry point for WS-Federation -->
<security:http pattern="/federation/up/**" use-expressions="true">
- <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" />
+ <security:csrf />
+ <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" />
<security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
<security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
--
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <co...@cxf.apache.org>'].