diff options
author | Vitaly Takmazov | 2022-12-08 14:24:15 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2022-12-08 14:24:15 +0300 |
commit | d46011fda6ce17537b9020af3688928b3281ccb8 (patch) | |
tree | 1df15ec1e5f747580fc18000a5ff087d210f2c44 /src/main/java/com/juick/config/SecurityConfig.java | |
parent | c942dcfcb854d0c3411ea29c3f9b7cba29314371 (diff) |
CSRF protection requires sessions
Diffstat (limited to 'src/main/java/com/juick/config/SecurityConfig.java')
-rw-r--r-- | src/main/java/com/juick/config/SecurityConfig.java | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java index ad24445b..b531e62f 100644 --- a/src/main/java/com/juick/config/SecurityConfig.java +++ b/src/main/java/com/juick/config/SecurityConfig.java @@ -177,8 +177,7 @@ public class SecurityConfig { .configurationSource(corsConfigurationSource())) .sessionManagement( sessionManagement -> sessionManagement - .sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .invalidSessionUrl("/")) + .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)) .logout(logout -> logout .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) .invalidateHttpSession(true) |