Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-12 00:15:44 +01:00
Code Issues Packages Projects Releases Activity

re implement xsrf protection for scm-manager 2.0.0

Browse Source
This commit is contained in:
Sebastian Sdorra
2017-01-12 22:16:14 +01:00
parent 46d8b58810
commit 4e62f9552a
9 changed files with 204 additions and 500 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
View File

@@ -184,7 +184,10 @@ public class AuthenticationResource
// TODO: should be configureable
c.setMaxAge((int) TimeUnit.SECONDS.convert(10, TimeUnit.HOURS));
c.setHttpOnly(true);
// set http only flag only xsrf protection is disabled,
// because we have to extract the xsrf key with javascript in the wui
c.setHttpOnly(!configuration.isEnabledXsrfProtection());
response.addCookie(c);
state = stateFactory.createState(subject);
}