[tomcat] branch master updated: Move initialization of CSRF REST nonce header name context attribute into the RestCsrfPreventionFilter where it belongs.

Tue, 19 Nov 2019 09:59:07 -0800 

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new f651d87  Move initialization of CSRF REST nonce header name context 
attribute into the RestCsrfPreventionFilter where it belongs.
f651d87 is described below

commit f651d876366668fe53f7f03a6b52f0570f38cd03
Author: Christopher Schultz <ch...@christopherschultz.net>
AuthorDate: Tue Nov 19 12:57:23 2019 -0500

    Move initialization of CSRF REST nonce header name context attribute into 
the RestCsrfPreventionFilter where it belongs.
---
 java/org/apache/catalina/filters/CsrfPreventionFilter.java   |  5 -----
 .../apache/catalina/filters/RestCsrfPreventionFilter.java    | 12 ++++++++++++
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java 
b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index 8a09cfb..621cd6d 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -104,11 +104,6 @@ public class CsrfPreventionFilter extends 
CsrfPreventionFilterBase {
         filterConfig.getServletContext().setAttribute(
                 Constants.CSRF_NONCE_REQUEST_PARAM_NAME_KEY,
                 nonceRequestParameterName);
-
-        // Put the expected request header name into the application scope
-        filterConfig.getServletContext().setAttribute(
-                Constants.CSRF_REST_NONCE_HEADER_NAME_KEY,
-                Constants.CSRF_REST_NONCE_HEADER_NAME);
     }
 
     @Override
diff --git a/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java 
b/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
index 649464b..44f5da1 100644
--- a/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
@@ -25,6 +25,7 @@ import java.util.function.Predicate;
 import java.util.regex.Pattern;
 
 import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -89,6 +90,17 @@ public class RestCsrfPreventionFilter extends 
CsrfPreventionFilterBase {
     private String pathsDelimiter = ",";
 
     @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        // Set the parameters
+        super.init(filterConfig);
+
+        // Put the expected request header name into the application scope
+        filterConfig.getServletContext().setAttribute(
+                Constants.CSRF_REST_NONCE_HEADER_NAME_KEY,
+                Constants.CSRF_REST_NONCE_HEADER_NAME);
+    }
+
+    @Override
     public void doFilter(ServletRequest request, ServletResponse response, 
FilterChain chain)
             throws IOException, ServletException {
 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to