authorGravatar Vitaly Takmazov2022-12-08 14:24:15 +0300
committerGravatar Vitaly Takmazov2022-12-08 14:24:15 +0300
commitd46011fda6ce17537b9020af3688928b3281ccb8 (patch)
tree1df15ec1e5f747580fc18000a5ff087d210f2c44
parentc942dcfcb854d0c3411ea29c3f9b7cba29314371 (diff)
CSRF protection requires sessions
-rw-r--r--src/main/java/com/juick/config/SecurityConfig.java3
1 files changed, 1 insertions, 2 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index ad24445b..b531e62f 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -177,8 +177,7 @@ public class SecurityConfig {
.configurationSource(corsConfigurationSource()))
.sessionManagement(
sessionManagement -> sessionManagement
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
- .invalidSessionUrl("/"))
+ .sessionCreationPolicy(SessionCreationPolicy.ALWAYS))
.logout(logout -> logout
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.invalidateHttpSession(true)
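Review bot: `SessionCreationPolicy.ALWAYS` on the new `.sessionCreationPolicy(...)` line makes this chain create an HttpSession for every request it handles, including anonymous visitors, crawlers and API clients that never submit a CSRF-protected form, which grows the session store and issues a session cookie to clients that do not need one. If the goal is only to let the CSRF token live in the session, `.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED))` is probably enough, since the session is then created only when a token or login needs it; confirm this against the CSRF token repository configured elsewhere in this class. Because the chain is no longer stateless, the session cookie presumably now carries authentication state, so its Secure/HttpOnly/SameSite attributes and the session timeout deserve a check as well. The enclosing method starts and ends outside the hunk, so it is not visible whether other filter chains in SecurityConfig remain stateless.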