ср, 20 нояб. 2019 г. в 22:20, <[email protected]>:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> schultz pushed a commit to branch 8.5.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
> View the commit online:
> https://github.com/apache/tomcat/commit/856a2e2482fde9e8c8d0535942a70c2ddfc8d676
>
> commit 856a2e2482fde9e8c8d0535942a70c2ddfc8d676
> Author: Christopher Schultz <[email protected]>
> AuthorDate: Tue Nov 19 12:54:45 2019 -0500
>
> Allow customization of the CSRF prevention filter's request parameter
> name.
> ---
> .../catalina/filters/CsrfPreventionFilter.java | 24
> +++++++++++++++++-----
> webapps/docs/changelog.xml | 5 +++--
> 2 files changed, 22 insertions(+), 7 deletions(-)
>
> diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> index cd1b576..fe4399f 100644
> --- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> +++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
[...]
> - public CsrfResponseWrapper(HttpServletResponse response, String
> nonce) {
> + public CsrfResponseWrapper(HttpServletResponse response, String
> nonceRequestParameterName, String nonce) {
> super(response);
> + this.nonceRequestParameterName = nonceRequestParameterName;
> this.nonce = nonce;
> }
Tests need to be adjusted, as they use the constructor above.
See remm's commit on master for a fix,
https://github.com/apache/tomcat/commit/9d7cb5468fbf2df4709c222b472bd86a26c9d4b6
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
