-
Notifications
You must be signed in to change notification settings - Fork 6k
Allow maximum age of csrf cookie to be configured #9196
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Allows maxAge of the generated cookie by CookieCsrfTokenRepository to be configurable. Prior to this commit, maximum age was set with a value of -1. After this commit, it will be configured by the user with an either positive or negative value. If the user does not provide a value, it will be set -1. An IllegalArgumentException will be thrown when this value is set to zero. Closes spring-projectsgh-9195
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR! I've provided feedback inline.
web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
Outdated
Show resolved
Hide resolved
The automated build fails because of a dependency error from spring maven repository. How can we solve that?
|
Changes assertion message format from 'X is not null' to 'X cannot be null' since this is more meaningful when the error occurs and the message is printed in the logs. Closes spring-projectsgh-9195
Sorry for the issue you experienced with the build, @sedran - it was due to an infrastructural change with Spring's Maven repositories. If you rebase, then the error should be addressed. |
I have amend/force-pushed my branch to trigger auto build as soon as I see the CI status of the project is green. Is there anything I can do for this PR to be merged? Please let me know. Thanks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the updates and the ping. The changes look good to me
Allows maxAge of the generated cookie by CookieCsrfTokenRepository
to be configurable.
Prior to this commit, maximum age was set with a value of -1.
After this commit, it will be configured by the user with an either
positive or negative value. If the user does not provide a value,
it will be set -1.
An IllegalArgumentException will be thrown when
this value is set to zero.
Closes gh-9195