Skip to content

Add CsrfFilter.csrfAttributeName #11699

New issue
New issue
Closed
Closed
Add CsrfFilter.csrfAttributeName#11699
Assignees
rwinch
Labels
in: webAn issue in web modules (web, webmvc)type: enhancementA general enhancement
Milestone
5.8.0-M3
@rwinch

Description

@rwinch
rwinch
opened on Aug 11, 2022

CsrfFilter uses CsrfToken.parameterName to specify the attribute name that the CsrfToken is set on. This doesn't make sense because parameterName is intended to be used as the HTTP parameter that the CsrfToken is provided not the HttpServlet request attribute. This behavior also means that the CsrfToken must be read for every request which causes unnecessary reads to the HttpSession on every request which can impact the performance of an application.

We should provide a property on CsrfFilter that is used to set the CsrfToken to address the concerns above.

Metadata

Metadata

Assignees

Labels

in: webAn issue in web modules (web, webmvc)type: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions