From d46011fda6ce17537b9020af3688928b3281ccb8 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Thu, 8 Dec 2022 14:24:15 +0300 Subject: CSRF protection requires sessions --- src/main/java/com/juick/config/SecurityConfig.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'src/main/java') diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java index ad24445b..b531e62f 100644 --- a/src/main/java/com/juick/config/SecurityConfig.java +++ b/src/main/java/com/juick/config/SecurityConfig.java @@ -177,8 +177,7 @@ public class SecurityConfig { .configurationSource(corsConfigurationSource())) .sessionManagement( sessionManagement -> sessionManagement - .sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .invalidSessionUrl("/")) + .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)) .logout(logout -> logout .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) .invalidateHttpSession(true) -- cgit v1.2.3