You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/10/19 14:53:27 UTC
[cxf-fediz] branch 1.3.x-fixes updated: Adding CSRF part for the
login form
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 1.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
The following commit(s) were added to refs/heads/1.3.x-fixes by this push:
new ff25d3d Adding CSRF part for the login form
ff25d3d is described below
commit ff25d3d658948835c2ee5c85a3f56ff778a34045
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Oct 19 15:20:59 2017 +0100
Adding CSRF part for the login form
---
services/idp/src/main/webapp/WEB-INF/security-config.xml | 1 +
1 file changed, 1 insertion(+)
diff --git a/services/idp/src/main/webapp/WEB-INF/security-config.xml b/services/idp/src/main/webapp/WEB-INF/security-config.xml
index d8891e5..87ba841 100644
--- a/services/idp/src/main/webapp/WEB-INF/security-config.xml
+++ b/services/idp/src/main/webapp/WEB-INF/security-config.xml
@@ -92,6 +92,7 @@
<!-- HTTP/BA entry point -->
<security:http pattern="/federation/up/**" use-expressions="true">
+ <security:csrf />
<security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" />
<security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
<security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
--
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <co...@cxf.apache.org>'].