Add section for migrating WebSocket support

Issue gh-12378
Steve Riesenberg 2 years ago
Parent
commit
179428f7da

+ 1 - 0
docs/modules/ROOT/nav.adoc

@@ -5,6 +5,7 @@
 * xref:migration/index.adoc[Migrating to 6.0]
 ** xref:migration/servlet/index.adoc[Servlet Migrations]
 *** xref:migration/servlet/session-management.adoc[Session Management]
+*** xref:migration/servlet/exploits.adoc[Exploit Protection]
 *** xref:migration/servlet/authentication.adoc[Authentication]
 *** xref:migration/servlet/authorization.adoc[Authorization]
 ** xref:migration/reactive.adoc[Reactive Migrations]
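
Review bot: the label on the added `*** xref:migration/servlet/exploits.adoc[Exploit Protection]` entry is broader than what the linked page covers in this commit, which is a single step about the WebSocket CSRF interceptor. If more exploit-protection steps are planned for this page, the label is fine as a placeholder; otherwise consider a label that tells readers scanning the nav that this is the CSRF/WebSocket migration step. The label also differs from the page title `= Exploit Protection Migrations`, so it is worth confirming that this matches how the sibling entries relate to their page titles.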

+ 11 - 0
docs/modules/ROOT/pages/migration/servlet/exploits.adoc

@@ -0,0 +1,11 @@
+= Exploit Protection Migrations
+
+The following steps relate to how to finish migrating exploit protection support.
+
+== CSRF BREACH with WebSocket support
+
+In Spring Security 5.8, the default `ChannelInterceptor` for making the `CsrfToken` available with xref:servlet/integrations/websocket.adoc[WebSocket Security] is `CsrfChannelInterceptor`.
+`XorCsrfChannelInterceptor` was added to allow opting into CSRF BREACH support.
+
+In Spring Security 6, `XorCsrfChannelInterceptor` is the default `ChannelInterceptor` for making the `CsrfToken` available.
+If you configured the `XorCsrfChannelInterceptor` only for the purpose of updating to 6.0, you can remove it completely.
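
Review bot: the closing sentence of the "CSRF BREACH with WebSocket support" section tells readers they can remove their `XorCsrfChannelInterceptor` configuration, but the page never shows what that configuration looks like, and it says nothing for applications that still depend on the 5.8 default `CsrfChannelInterceptor` now that the default changes in 6. Suggest adding the 5.8 opt-in snippet so readers can recognise what to delete, plus a short paragraph on how to keep the previous interceptor when clients are not ready for the new default. "CSRF BREACH" is also used in the heading and body without definition; an xref to the part of the CSRF documentation that explains it would let readers judge the security impact of opting out.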