|
@@ -3244,7 +3244,7 @@ There are two options to using CSRF protection with multipart/form-data. Each op
|
|
|
|
|
|
|
|
[NOTE]
|
|
[NOTE]
|
|
|
====
|
|
====
|
|
|
-More information about using multipart forms with Spring can be found within the http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html#mvc-multipart[17.10 Spring's multipart (file upload) support] section of the Spring reference.
|
|
|
|
|
|
|
+Before you integrate Spring Security's CSRF protection with multipart file upload, ensure that you can upload without the CSRF protection first. More information about using multipart forms with Spring can be found within the http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/mvc.html#mvc-multipart[17.10 Spring's multipart (file upload) support] section of the Spring reference.
|
|
|
====
|
|
====
|
|
|
|
|
|
|
|
[[csrf-multipartfilter]]
|
|
[[csrf-multipartfilter]]
|
|
@@ -3278,13 +3278,12 @@ To ensure `MultipartFilter` is specified before the Spring Security filter with
|
|
|
</filter>
|
|
</filter>
|
|
|
<filter-mapping>
|
|
<filter-mapping>
|
|
|
<filter-name>MultipartFilter</filter-name>
|
|
<filter-name>MultipartFilter</filter-name>
|
|
|
- <servlet-name>/*</servlet-name>
|
|
|
|
|
|
|
+ <url-pattern>/*</url-pattern>
|
|
|
</filter-mapping>
|
|
</filter-mapping>
|
|
|
<filter-mapping>
|
|
<filter-mapping>
|
|
|
<filter-name>springSecurityFilterChain</filter-name>
|
|
<filter-name>springSecurityFilterChain</filter-name>
|
|
|
<url-pattern>/*</url-pattern>
|
|
<url-pattern>/*</url-pattern>
|
|
|
</filter-mapping>
|
|
</filter-mapping>
|
|
|
-
|
|
|
|
|
----
|
|
----
|
|
|
|
|
|
|
|
[[csrf-include-csrf-token-in-action]]
|
|
[[csrf-include-csrf-token-in-action]]
|
Rob Winch