optimize: optimize WebSecurityConfig csrf (#6749)

apache · Sep 2, 2024 · 1d426ed · 1d426ed
1 parent 9263976
commit 1d426ed
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/changes/en-us/2.x.md b/changes/en-us/2.x.md
@@ -60,6 +60,7 @@ Add changes here for all PR submitted to the 2.x branch.
 - [[#6743](https://github.com/apache/incubator-seata/pull/6743)] upgrade npmjs version in saga
 - [[#6746](https://github.com/apache/incubator-seata/pull/6746)] optimize compatible dependencies
 - [[#6745](https://github.com/apache/incubator-seata/pull/6745)] fix node-gyp build error on arm64 and macos
+- [[#6749](https://github.com/apache/incubator-seata/pull/6749)] optimize WebSecurityConfig csrf
 - [[#6748](https://github.com/apache/incubator-seata/pull/6748)] optimize ConsistentHashLoadBalance Algorithm
 - [[#6747](https://github.com/apache/incubator-seata/pull/6747)] optimize fastjson deserialization
 - [[#6755](https://github.com/apache/incubator-seata/pull/6755)] optimize namingserver code logic
@@ -74,6 +75,7 @@ Add changes here for all PR submitted to the 2.x branch.
 - [[#6793](https://github.com/apache/incubator-seata/pull/6793)] fix npmjs conflicts
 - [[#6794](https://github.com/apache/incubator-seata/pull/6794)] optimize NacosMockTest UT case
 
+
 ### refactor:
 
 ### security:

diff --git a/changes/zh-cn/2.x.md b/changes/zh-cn/2.x.md
@@ -61,6 +61,7 @@
 - [[#6743](https://github.com/apache/incubator-seata/pull/6743)] 升级saga模块npmjs版本
 - [[#6746](https://github.com/apache/incubator-seata/pull/6746)] 优化 compatible 模块依赖
 - [[#6745](https://github.com/apache/incubator-seata/pull/6745)] 修复 node-gyp 在 arm64 和 macos 构建失败问题
+- [[#6749](https://github.com/apache/incubator-seata/pull/6749)] 优化 WebSecurityConfig csrf 处理
 - [[#6748](https://github.com/apache/incubator-seata/pull/6748)] 优化 ConsistentHashLoadBalance 算法
 - [[#6747](https://github.com/apache/incubator-seata/pull/6747)] 优化 fastjson 反序列化
 - [[#6755](https://github.com/apache/incubator-seata/pull/6755)] 优化namingserver代码逻辑
@@ -75,6 +76,7 @@
 - [[#6793](https://github.com/apache/incubator-seata/pull/6793)] 修复 npmjs 依赖冲突问题
 - [[#6794](https://github.com/apache/incubator-seata/pull/6794)] 优化 NacosMockTest 单测问题
 
+
 ### refactor:
 
 

diff --git a/console/src/main/java/org/apache/seata/console/config/WebSecurityConfig.java b/console/src/main/java/org/apache/seata/console/config/WebSecurityConfig.java
@@ -101,9 +101,8 @@ protected void configure(HttpSecurity http) throws Exception {
             // custom token authorize exception handler
             .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
             // since we use jwt, session is not necessary
-            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
-            // since we use jwt, csrf is not necessary
-            .csrf().disable();
+            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).disable();
+            // don't disable csrf, jwt may be implemented based on cookies
         http.addFilterBefore(new JwtAuthenticationTokenFilter(tokenProvider),
             UsernamePasswordAuthenticationFilter.class);