Disable CSRF protections
Partially reverts #59
CORS is configurable via yaml config files, CSRF is not.

From my understanding, CSRF protection has to be managed separately by
the underlying webapps being proxified by the gateway.
pmauduit committed Nov 6, 2023
1 parent 53622b9 commit c7beff1
Showing 1 changed file with 4 additions and 0 deletions.
Expand Up @@ -74,6 +74,10 @@ SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,

log.info("Initializing security filter chain...");

// disable CSRF protection, considering it will be managed
// by proxified webapps, not the gateway.
http.csrf().disable();

http.formLogin()
.authenticationFailureHandler(new ExtendedRedirectServerAuthenticationFailureHandler("login?error"))
.loginPage("/login");
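
Review bot: `http.csrf().disable();` switches CSRF protection off for the whole filter chain, and that includes the gateway's own form login configured directly below it (`http.formLogin()` with `.loginPage("/login")`), which is served by the gateway itself and not by a proxied webapp. The added comment only justifies the proxied routes, so consider keeping the check on gateway-owned endpoints and exempting only forwarded traffic, for example via `http.csrf().requireCsrfProtectionMatcher(...)` with a matcher that selects paths such as `/login`. If a global disable is really intended, the comment should state that the login POST is left without a CSRF token on purpose and why that is acceptable, and since the commit message notes CSRF is not configurable via YAML, a config property guarding this call would let deployments opt back in.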