This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new f651d87 Move initialization of CSRF REST nonce header name context
attribute into the RestCsrfPreventionFilter where it belongs.
f651d87 is described below
commit f651d876366668fe53f7f03a6b52f0570f38cd03
Author: Christopher Schultz <[email protected]>
AuthorDate: Tue Nov 19 12:57:23 2019 -0500
Move initialization of CSRF REST nonce header name context attribute into
the RestCsrfPreventionFilter where it belongs.
---
java/org/apache/catalina/filters/CsrfPreventionFilter.java | 5 -----
.../apache/catalina/filters/RestCsrfPreventionFilter.java | 12 ++++++++++++
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index 8a09cfb..621cd6d 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -104,11 +104,6 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
filterConfig.getServletContext().setAttribute(
Constants.CSRF_NONCE_REQUEST_PARAM_NAME_KEY,
nonceRequestParameterName);
-
- // Put the expected request header name into the application scope
- filterConfig.getServletContext().setAttribute(
- Constants.CSRF_REST_NONCE_HEADER_NAME_KEY,
- Constants.CSRF_REST_NONCE_HEADER_NAME);
}
@Override
diff --git a/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
b/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
index 649464b..44f5da1 100644
--- a/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
@@ -25,6 +25,7 @@ import java.util.function.Predicate;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@@ -89,6 +90,17 @@ public class RestCsrfPreventionFilter extends
CsrfPreventionFilterBase {
private String pathsDelimiter = ",";
@Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ // Set the parameters
+ super.init(filterConfig);
+
+ // Put the expected request header name into the application scope
+ filterConfig.getServletContext().setAttribute(
+ Constants.CSRF_REST_NONCE_HEADER_NAME_KEY,
+ Constants.CSRF_REST_NONCE_HEADER_NAME);
+ }
+
+ @Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
