kevdoran commented on a change in pull request #5262: URL: https://github.com/apache/nifi/pull/5262#discussion_r691268425
########## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/CsrfCookieRequestMatcher.java ########## @@ -35,6 +33,6 @@ */ @Override public boolean matches(final HttpServletRequest httpServletRequest) { - return WebUtils.getCookie(httpServletRequest, DEFAULT_CSRF_COOKIE_NAME) != null; + return WebUtils.getCookie(httpServletRequest, SecurityCookieName.AUTHORIZATION_BEARER.getName()) != null; Review comment: This does not change existing functionality, so it is not a blocker to the PR, but just for my own understanding as I have not seen how NiFi does this - in NiFi, is the jwt token value also used as the CSRF prevention token value?
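Review bot: the Javadoc that closes just above `matches()` should be updated along with the `+` line, because the method now keys on `SecurityCookieName.AUTHORIZATION_BEARER.getName()` while the class is still named `CsrfCookieRequestMatcher`, so neither the class name nor the removed `DEFAULT_CSRF_COOKIE_NAME` constant tells a reader which cookie is checked. Suggest stating there that a request matches only when the bearer authorization cookie is present and that a request without that cookie returns false. Since the check is on presence only (`!= null`) and not on the cookie value, a unit test covering the cookie-present and cookie-absent cases would pin that behaviour.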