Skip to content

CsrfAuthenticationStrategy is not consistent with CsrfFilter #12235

New issue
New issue
Closed
Closed
CsrfAuthenticationStrategy is not consistent with CsrfFilter#12235
Assignees
sjohnr
Labels
in: webAn issue in web modules (web, webmvc)type: breaks-passivityA change that breaks passivity with the previous releasetype: bugA general bug
Milestone
 
6.0.0
@sjohnr

Description

@sjohnr
sjohnr
opened on Nov 17, 2022

We should default to Xor CSRF tokens in 6.0, but CsrfAuthenticationStrategy still uses CsrfTokenRequestAttributeHandler by default instead of XorCsrfTokenRequestAttributeHandler.

Related gh-11960

Metadata

Metadata

Assignees

Labels

in: webAn issue in web modules (web, webmvc)type: breaks-passivityA change that breaks passivity with the previous releasetype: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions