This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 84fa8914b9 No need to create a nonce cache if you aren't going to
create a nonce
84fa8914b9 is described below
commit 84fa8914b9b24cf526b757163c8b9d60ff2ec24a
Author: Mark Thomas <[email protected]>
AuthorDate: Tue May 10 14:47:13 2022 +0100
No need to create a nonce cache if you aren't going to create a nonce
---
.../catalina/filters/CsrfPreventionFilter.java | 24 +++++++++++-----------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index 4e179d1c18..2f811c226b 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -163,23 +163,23 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
}
}
- if (nonceCache == null) {
- if(log.isDebugEnabled()) {
- log.debug("Creating new CSRF nonce cache with size=" +
nonceCacheSize + " for session " + (null == session ? "(will create)" :
session.getId()));
- }
-
- if (session == null) {
+ if (!skipNonceGeneration(req)) {
+ if (nonceCache == null) {
if(log.isDebugEnabled()) {
- log.debug("Creating new session to store CSRF nonce
cache");
+ log.debug("Creating new CSRF nonce cache with size=" +
nonceCacheSize + " for session " + (null == session ? "(will create)" :
session.getId()));
}
- session = req.getSession(true);
- }
+ if (session == null) {
+ if(log.isDebugEnabled()) {
+ log.debug("Creating new session to store CSRF
nonce cache");
+ }
- nonceCache = createNonceCache(req, session);
- }
+ session = req.getSession(true);
+ }
+
+ nonceCache = createNonceCache(req, session);
+ }
- if (!skipNonceGeneration(req)) {
String newNonce = generateNonce(req);
nonceCache.add(newNonce);
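Review bot: The debug message kept inside the new `if (nonceCache == null)` branch still concatenates `session.getId()` into the log line, so turning on debug logging for this filter writes live session identifiers to the log, where anyone with read access to the logs can see them. Consider logging only whether a session exists, for example `(null == session ? "(will create)" : "(existing)")`, or a shortened or hashed form of the id. Separately, `nonceCache` can now stay null whenever `skipNonceGeneration(req)` returns true, so any later use of it in this method (outside the hunk, not visible here) has to tolerate null. A short comment on the new guard would also help, such as `// Only allocate a session and nonce cache when a nonce will actually be issued for this request`. The enclosing method starts and ends outside the hunk.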