Revert "Temporarily disable csrf (#493)" (#495)

This reverts commit b44cb50.
WISVCH · May 27, 2024 · 307972e · 307972e
1 parent b44cb50
commit 307972e
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/src/main/java/ch/wisv/events/ChConnectConfiguration.java b/src/main/java/ch/wisv/events/ChConnectConfiguration.java
@@ -13,7 +13,6 @@
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
@@ -70,7 +69,7 @@ public class ChConnectConfiguration {
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
                 .cors(Customizer.withDefaults())
-                .csrf(AbstractHttpConfigurer::disable)
+                .csrf(Customizer.withDefaults())
                 .authorizeHttpRequests((authorize) -> authorize
                     .requestMatchers("/administrator/**").hasRole("ADMIN")
                     .requestMatchers("/", "/management/health").permitAll()