Provide native image builds #27
base: main
…into native-image-builds
NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build(); | ||
OAuth2TokenValidator<Jwt> delegatingValidator = new DelegatingOAuth2TokenValidator<>(); | ||
decoder.setJwtValidator(delegatingValidator); | ||
return decoder; | ||
} | ||
|
||
private void configureBase(HttpSecurity http) throws Exception { | ||
http.csrf().disable().headers().frameOptions().disable().and().cors(); | ||
http.csrf(csrf -> csrf.disable()).headers(headers -> headers.frameOptions(FrameOptionsConfig::disable)) |
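Review bot: the validator installed on the decoder is empty. `new DelegatingOAuth2TokenValidator<>()` with no delegates reports success for every token, and `decoder.setJwtValidator(delegatingValidator)` replaces the default validators that `NimbusJwtDecoder` ships with (including the timestamp check), so an expired token would be accepted. Either drop the two validator lines to keep the defaults, or build the delegate from `JwtValidators.createDefault()` plus whatever issuer or audience validators are required before passing it in. Separately, the move to the lambda DSL on the last line keeps both `csrf.disable()` and `frameOptions(FrameOptionsConfig::disable)` in place; since the CodeQL alert below fires on this line, a one-line comment stating why CSRF is off here (for example, a stateless bearer-token API with no session cookie) would let the alert be dismissed with a recorded justification.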
Check failure: Code scanning / CodeQL: Disabled Spring CSRF protection (High)
Copilot Autofix AI, 3 months ago
To fix the problem, we need to enable CSRF protection by removing the `csrf.disable()` call. This will ensure that CSRF tokens are required for state-changing requests, thereby protecting the application from CSRF attacks.
- Remove the `csrf.disable()` call from the `configureBase` method.
- Ensure that CSRF protection is enabled by default.
@@ -75,3 +75,3 @@ | ||
private void configureBase(HttpSecurity http) throws Exception { | ||
http.csrf(csrf -> csrf.disable()).headers(headers -> headers.frameOptions(FrameOptionsConfig::disable)) | ||
http.csrf(withDefaults()).headers(headers -> headers.frameOptions(FrameOptionsConfig::disable)) | ||
.cors(withDefaults()); |
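Review bot: `withDefaults()` on R76 is a static method of `org.springframework.security.config.Customizer`, and the hunk does not show the matching static import being added, so confirm the file still compiles after applying the autofix. More importantly, the suggestion should not be merged without deciding what the endpoint model is: this configuration decodes bearer JWTs (`NimbusJwtDecoder` above), and a stateless token API has no session cookie for a cross-site request to ride on, which is the usual reason CSRF is disabled there; if that is the case, dismiss the alert with that justification rather than switching on the default cookie/session-based token repository. If the application does serve browser sessions, keep the change and also revisit `frameOptions(FrameOptionsConfig::disable)`, which this hunk leaves disabled on both the old and new line.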
Description
- `native` maven profile in build
- `keycloak` profile support

Reference Issues #24