service/src/main/java/com/ericsson/eiffel/remrem/generate/config Expand file tree Collapse file tree 1 file changed +12
-1
lines changed Original file line number Diff line number Diff line change 34
34
public class DisabledSecurityConfig extends WebSecurityConfigurerAdapter {
35
35
@ Override
36
36
protected void configure (HttpSecurity http ) throws Exception {
37
- http .authorizeRequests ().anyRequest ().permitAll ().and ().csrf ().disable ();
37
+ http .authorizeRequests ()
38
+ .anyRequest ()
39
+ .permitAll ()
40
+ .and ()
41
+ .csrf ()
42
+ // The application uses non-browser clients. Yes, there is swagger interface,
43
+ // but is's used only for testing/tuning.
44
+ //
45
+ // From https://docs.spring.io/spring-security/reference/features/exploits/csrf.html
46
+ // "If you are creating a service that is used only by non-browser clients,
47
+ // you likely want to disable CSRF protection."
48
+ .disable ();
38
49
}
39
50
}
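Review bot: The comment added above `.disable()` quotes the "used only by non-browser clients" guidance, yet the same comment says a Swagger interface exists, so the quoted condition is not strictly met and the comment never says why that exception is acceptable. Because the chain also calls `.anyRequest().permitAll()`, the stronger justification appears to be that this configuration performs no authentication, and I would state it directly: `// No authentication is configured here (permitAll), so a forged browser request has no session or stored credential to reuse.` The comment should also record that access control then rests entirely on who can reach the service over the network, since any browser that can reach it can submit state-changing requests. As a wording fix, `is's` should read `it's`. The class annotations sit above line 34, outside this hunk, so confirm there that DisabledSecurityConfig cannot be active together with the authenticated configuration.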