ChristopherSchultz commented on code in PR #681:
URL: https://github.com/apache/tomcat/pull/681#discussion_r1437900565


##########
java/org/apache/catalina/filters/CsrfPreventionFilter.java:
##########
@@ -87,11 +104,170 @@ public void setNonceRequestParameterName(String 
parameterName) {
         this.nonceRequestParameterName = parameterName;
     }
 
+    /**
+     * Sets the flag to enforce CSRF protection or just log failures as DEBUG
+     * messages.
+     *
+     * @param enforce <code>true</code> to enforce CSRF protections or
+     *                <code>false</code> to log DEBUG messages and allow
+     *                all requests.
+     */
+    public void setEnforce(boolean enforce) {
+        this.enforce = enforce;
+    }
+
+    /**
+     * Gets the flag to enforce CSRF protection or just log failures as DEBUG
+     * messages.
+     *
+     * @return <code>true</code> if CSRF protections will be enforced or
+     *         <code>false</code> if all requests will be allowed and
+     *         failures will be logged as DEBUG messages.
+     */
+    public boolean getEnforce() {
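
Review bot: the Javadoc on setEnforce(boolean) and getEnforce() says that with enforce set to false all requests are allowed and failures are only logged as DEBUG messages, but it does not state the default value of the flag or say outright that false switches the filter's protection off. Suggest adding the default to both comments and a sentence describing false as a report-only mode, since DEBUG output is commonly not enabled in production logging and a deployment left in that mode would neither block nor visibly record failed checks.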

Review Comment:
   There are 308 classes in the Tomcat 11.0.x source tree which contain 
`boolean isFoo()` and only 141 which contain `boolean getFoo()`. I didn't 
bother checking if any contain both.


