[Bug 65853] [CsrfPreventionFilter] Extract evaluation of skipNonceCheck into overridable method

bugzilla Fri, 28 Jan 2022 01:00:29 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=65853


--- Comment #1 from Marvin Fröhlich <apa...@froehlich-mail.net> ---
Sorry, my suggested implementation was a little rushed. Here is a corrected
version.

####################
protected boolean getSkipNonceCheck(HttpServletRequest request) {
    if (!Constants.METHOD_GET.equals(request.getMethod()))
        return false;

    String reqPath = getRequestedPath(request);

    if (!entryPoints.contains(reqPath))
        return false;

    if (log.isTraceEnabled())
        log.trace("Skipping CSRF nonce-check for GET request to entry point " +
reqPath);

    return true;
}
####################

doFilter()
####################
boolean skipNonceCheck = getSkipNonceCheck(req);
####################

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65853] [CsrfPreventionFilter] Extract evaluation of skipNonceCheck into overridable method

Reply via email to