Details
-
New Feature
-
Resolution: Unresolved
-
Normal
-
None
-
9.6.3
-
None
Description
User Story
As an app dev, I want to use Spring Security default CSRF to secure my application's requests.
Acceptance Criteria
- provide a way to make ZK works with Spring Security CSRF without problems.
- If this feature we provide is very specific to spring, we should put this feature into zkspring, to fix ZKSPRING-55
Details
- When using spring security with ZK, app devs have to disable CSRF currently like https://github.com/zkoss/zkspring/blob/master/zkspringessentials/zkspringcoresec/src/main/java/org/zkoss/zkspringessentials/config/SecurityConfig.java#L23 because au request doesn't contain this token and will be rejected by spring security filter. ZK should provide a way to work with this feature.
Attachments
Issue Links
- relates to
-
ZK-4978 avoid sending sensitive data in url parameters
-
- Open
-
-
-
- Open
-