This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 1fcc216e2a87d5223c5e2be1a2ab43a6851242ef
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue May 10 16:14:51 2022 +0100
Allow sub-class to decide if session being null is an issue or not
---
java/org/apache/catalina/filters/CsrfPreventionFilter.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index dee418ca63..fca530d6d6 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -120,7 +120,7 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase {
 HttpSession session = req.getSession(false);
- NonceCache<String> nonceCache = (session == null) ? null : getNonceCache(req, session);
+ NonceCache<String> nonceCache = getNonceCache(req, session);
 if (!skipNonceCheck(req)) {
 String previousNonce = req.getParameter(nonceRequestParameterName);
@@ -265,6 +265,9 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase {
 * and/or session
 */
 protected NonceCache<String> getNonceCache(HttpServletRequest request, HttpSession session) {
+ if (session == null) {
+ return null;
+ }
 @SuppressWarnings("unchecked")
 NonceCache<String> nonceCache = (NonceCache<String>) session.getAttribute(Constants.CSRF_NONCE_SESSION_ATTR_NAME);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
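Review bot: The protected, overridable `getNonceCache(request, session)` can now be called with a `null` session, because the first hunk drops the call-site guard, yet nothing visible in the second hunk documents that. Its Javadoc starts outside the hunk, so it may already cover this. An existing sub-class override that dereferences `session`, as the default body does with `session.getAttribute(...)`, would now throw a NullPointerException inside the CSRF filter for session-less requests. I would state the contract in the Javadoc, e.g. `@param session the current session, or {@code null} if the request has none` and `@return the nonce cache, or {@code null} if none exists for this request/session`. The code that consumes `nonceCache` lies below the first hunk, so confirm there that a `null` return still rejects the request when the nonce check is not skipped, rather than letting it through.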