enabled xsrf by default and remove claim prefix to reduce size

Sebastian Sdorra
2017-01-14 18:26:11 +01:00
parent 7d6d23b04d
commit 76384de26f
3 changed files with 3 additions and 3 deletions


@@ -734,5 +734,5 @@ public class ScmConfiguration
* @since 1.47 * @since 1.47
*/ */
@XmlElement(name = "xsrf-protection") @XmlElement(name = "xsrf-protection")
private boolean enabledXsrfProtection = false; private boolean enabledXsrfProtection = true;
} }
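Review bot: Flipping the initializer of `enabledXsrfProtection` to `true` only changes what an absent `xsrf-protection` element unmarshals to, so an installation whose stored configuration already contains an explicit `false` for that element would presumably stay unprotected after upgrading. The Javadoc above the field (it starts outside the hunk) should state the new default and that a persisted value wins, e.g. `Enabled by default since <version>; an explicit value in the stored configuration overrides this default.` If the XSRF check also applies to non-browser clients that authenticate with the token cookie, the upgrade notes should say they now have to send the `X-XSRF-Token` header.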


@@ -40,7 +40,7 @@ public final class Xsrf {
static final String HEADER_KEY = "X-XSRF-Token"; static final String HEADER_KEY = "X-XSRF-Token";
static final String CLAIMS_KEY = "scm-manager.org/xsrf"; static final String CLAIMS_KEY = "xsrf";
private Xsrf() { private Xsrf() {
} }
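Review bot: Renaming `CLAIMS_KEY` to `"xsrf"` means tokens issued before the upgrade still carry the claim under `scm-manager.org/xsrf`, and the code that reads the claim is not visible in this hunk. Confirm that a token without an `xsrf` claim is rejected when protection is enabled rather than treated as exempt from the check; otherwise previously issued tokens would skip validation until they expire. The same literal is hard-coded in the web UI's `Sonia.security.getXsrfToken`, so a comment on the constant such as `// must match the claim name read by Sonia.security.getXsrfToken in the web UI` would keep the two from drifting apart.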


@@ -39,7 +39,7 @@ Sonia.security.getXsrfToken = function() {
tokenClaimsCompressed = tokenClaimsCompressed.replace('-', '+').replace('_', '/'); tokenClaimsCompressed = tokenClaimsCompressed.replace('-', '+').replace('_', '/');
if (window.atob) { if (window.atob) {
var token = Ext.util.JSON.decode(window.atob(tokenClaimsCompressed)); var token = Ext.util.JSON.decode(window.atob(tokenClaimsCompressed));
return token['scm-manager.org/xsrf']; return token['xsrf'];
} else if (debug) { } else if (debug) {
console.log('ERROR: browser does not support window.atob'); console.log('ERROR: browser does not support window.atob');
} }
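Review bot: `replace('-', '+').replace('_', '/')` on the first line of this hunk uses string patterns, which replace only the first occurrence, so a claims segment containing more than one `-` or `_` reaches `window.atob` with base64url characters still in it and the decode fails or throws. With XSRF protection now enabled by default, that presumably leaves the affected session unable to send a valid token. Use global patterns instead: `tokenClaimsCompressed = tokenClaimsCompressed.replace(/-/g, '+').replace(/_/g, '/');`. `Sonia.security.getXsrfToken` begins and ends outside this hunk, so whether the decode is wrapped in error handling is not visible here.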