This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online: https://github.com/apache/tomcat/commit/11ad208a44e31c83656e021f7ecb3c4b06962e64 commit 11ad208a44e31c83656e021f7ecb3c4b06962e64 Author: Christopher Schultz <ch...@christopherschultz.net> AuthorDate: Tue Nov 19 12:57:23 2019 -0500 Move initialization of CSRF REST nonce header name context attribute into the RestCsrfPreventionFilter where it belongs. --- java/org/apache/catalina/filters/CsrfPreventionFilter.java | 5 ----- .../apache/catalina/filters/RestCsrfPreventionFilter.java | 12 ++++++++++++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java b/java/org/apache/catalina/filters/CsrfPreventionFilter.java index fe4399f..7be6ac0 100644 --- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java +++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java @@ -104,11 +104,6 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase { filterConfig.getServletContext().setAttribute( Constants.CSRF_NONCE_REQUEST_PARAM_NAME_KEY, nonceRequestParameterName); - - // Put the expected request header name into the application scope - filterConfig.getServletContext().setAttribute( - Constants.CSRF_REST_NONCE_HEADER_NAME_KEY, - Constants.CSRF_REST_NONCE_HEADER_NAME); } @Override diff --git a/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java b/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java index b4fb4bb..8587cf5 100644 --- a/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java +++ b/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java @@ -23,6 +23,7 @@ import java.util.Set; import java.util.regex.Pattern; import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; @@ -86,6 +87,17 @@ public class RestCsrfPreventionFilter extends CsrfPreventionFilterBase { private String pathsDelimiter = ","; @Override + public void init(FilterConfig filterConfig) throws ServletException { + // Set the parameters + super.init(filterConfig); + + // Put the expected request header name into the application scope + filterConfig.getServletContext().setAttribute( + Constants.CSRF_REST_NONCE_HEADER_NAME_KEY, + Constants.CSRF_REST_NONCE_HEADER_NAME); + } + + @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
