Cache Xor CSRF token in supplier #11988

@sjohnr

Description

We should cache the Xor CSRF token (in request attributes) from XorCsrfTokenRequestAttributeHandler, so the CSRF token is only Xor'd once per request. Given:

CsrfToken csrfToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
csrfToken.getToken();
csrfToken.getToken(); // should produce the same result as the line above

This shows up primarily in tests, when accessing the request attribute containing the CSRF token for predicting output of e.g. the DefaultLoginPageGeneratingFilter. Also, the intention of XorCsrfTokenRequestAttributeHandler was to Xor the token only once per request, so this enhancement aligns with that goal.

Also apply to reactive XorServerCsrfTokenRequestAttributeHandler.

Labels: in: web (an issue in web modules: web, webmvc); type: enhancement (a general enhancement)
