kevdoran commented on a change in pull request #5262:
URL: https://github.com/apache/nifi/pull/5262#discussion_r691268425



##########
File path: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/CsrfCookieRequestMatcher.java
##########
@@ -35,6 +33,6 @@
      */
     @Override
     public boolean matches(final HttpServletRequest httpServletRequest) {
-        return WebUtils.getCookie(httpServletRequest, 
DEFAULT_CSRF_COOKIE_NAME) != null;
+        return WebUtils.getCookie(httpServletRequest, 
SecurityCookieName.AUTHORIZATION_BEARER.getName()) != null;
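
Review bot: In matches(), the request is now selected by the presence of the cookie named by SecurityCookieName.AUTHORIZATION_BEARER.getName(), while the class is still called CsrfCookieRequestMatcher. The Javadoc that closes just above the method should say that the matcher keys on the bearer authorization cookie rather than on DEFAULT_CSRF_COOKIE_NAME, so readers know which requests it selects. The test is only `!= null`, so a cookie of that name with an empty value also matches; please confirm that is intended, or check the value as well.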

Review comment:
       This does not change existing functionality, so it is not a blocker to the PR, but just for my own understanding, as I have not seen how NiFi does this - in NiFi, is the JWT token value also used as the CSRF prevention token value?



