From b44cb5019c5711f1f051118557501426c0ddfe0d Mon Sep 17 00:00:00 2001
From: Joep de Jong
Date: Mon, 27 May 2024 19:52:26 +0300
Subject: [PATCH] Temporarily disable csrf (#493)
---
 src/main/java/ch/wisv/events/ChConnectConfiguration.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main/java/ch/wisv/events/ChConnectConfiguration.java b/src/main/java/ch/wisv/events/ChConnectConfiguration.java
index 56d1f8c4..49c5d9db 100644
--- a/src/main/java/ch/wisv/events/ChConnectConfiguration.java
+++ b/src/main/java/ch/wisv/events/ChConnectConfiguration.java
@@ -13,6 +13,7 @@
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
@@ -69,7 +70,7 @@ public class ChConnectConfiguration {
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http
 .cors(Customizer.withDefaults())
- .csrf(Customizer.withDefaults())
+ .csrf(AbstractHttpConfigurer::disable)
 .authorizeHttpRequests((authorize) -> authorize
 .requestMatchers("/administrator/**").hasRole("ADMIN")
 .requestMatchers("/", "/management/health").permitAll()
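Review bot: `.csrf(AbstractHttpConfigurer::disable)` in `filterChain` turns CSRF protection off for every route, including the `/administrator/**` matcher guarded by `hasRole("ADMIN")` a few lines below, and nothing in the code marks the change as temporary. The OIDC client imports suggest a browser session login (inferred; the session setup is not in this hunk), in which case a state-changing request sent from a logged-in administrator's browser would be accepted without a token. If only some endpoints break under the token check, keep the default and exempt just those, e.g. `.csrf(csrf -> csrf.ignoringRequestMatchers("<PATH_NEEDING_EXEMPTION>"))`, and put a comment above the line such as `// TODO: CSRF disabled temporarily (#493); re-enable once <REASON> is fixed`. The `filterChain` body continues past the end of the hunk, so later matchers are not visible here.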