Halaman utama Jelajahi Bantuan
Daftar Masuk
github
/
spring-security
cermin dari https://github.com/spring-projects/spring-security
2
0
Fork 0
Berkas Masalah 0 Wiki
Jelajahi Sumber

SEC-2282: Polish CSRF Documentation

Explain why (passivity) XML Namespace doesn't enable csrf protection by
default.
Rob Winch 12 tahun lalu
induk
614c94187e
melakukan
9bb283044f
1 mengubah file dengan 4 tambahan dan 0 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 4 0
      docs/manual/src/docbook/csrf.xml

+ 4 - 0
docs/manual/src/docbook/csrf.xml
Tampilan Berkas 

@@ -136,6 +136,10 @@ amount=100.00&routingNumber=1234&account=9876&_csrf=<secure-random>
 
                     differently.</para>
 
                 <para>For passivity reasons, if you are using the XML configuration, CSRF protection must be explicitly enabled using the <link linkend="nsa-csrf">&lt;csrf&gt;</link> element. Refer to the
 
                     <link linkend="nsa-csrf">&lt;csrf&gt;</link> element's documentation for additional customizations.</para>
 
+                    <note>
 
+                        <para><link xlink:href="https://jira.springsource.org/browse/SEC-2347">SEC-2347</link> is logged to ensure Spring
 
+                            Security 4.x's XML namespace configuration will enable CSRF protection by default.</para>
 
+                    </note>
 
                 <programlisting language="xml"><![CDATA[<http>
 
     <!-- ... -->
 
     <csrf />