From 307972e4af9608bb5ce69b283b18991175347197 Mon Sep 17 00:00:00 2001
From: Joep de Jong
Date: Mon, 27 May 2024 20:16:33 +0300
Subject: [PATCH] Revert "Temporarily disable csrf (#493)" (#495)

This reverts commit b44cb5019c5711f1f051118557501426c0ddfe0d.
---
 src/main/java/ch/wisv/events/ChConnectConfiguration.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/main/java/ch/wisv/events/ChConnectConfiguration.java b/src/main/java/ch/wisv/events/ChConnectConfiguration.java
index 49c5d9db..56d1f8c4 100644
--- a/src/main/java/ch/wisv/events/ChConnectConfiguration.java
+++ b/src/main/java/ch/wisv/events/ChConnectConfiguration.java
@@ -13,7 +13,6 @@
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
@@ -70,7 +69,7 @@ public class ChConnectConfiguration {
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http
 .cors(Customizer.withDefaults())
- .csrf(AbstractHttpConfigurer::disable)
+ .csrf(Customizer.withDefaults())
 .authorizeHttpRequests((authorize) -> authorize
 .requestMatchers("/administrator/**").hasRole("ADMIN")
 .requestMatchers("/", "/management/health").permitAll()
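Review bot: The restored `.csrf(Customizer.withDefaults())` line in `filterChain` has no comment saying that CSRF protection is required here, and neither the hunk nor the commit message records what made #493 disable it, so the next breakage may well be answered with the same global switch-off. I would put a comment directly above the line, for example `// CSRF protection must stay enabled; exempt a single endpoint with csrf.ignoringRequestMatchers(...) instead of disabling it globally`. If the original problem was a callback or API endpoint that cannot send a token (an assumption, nothing on the page confirms it), that narrow exemption is the safer fix than `AbstractHttpConfigurer::disable`. A regression test asserting that a state-changing request without a token is rejected with 403 would catch a silent re-disable. The body of `filterChain` continues past the end of the hunk, so the rest of the chain was not reviewed.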