Inaccurate javadoc text in setRequestHandler method of CsrfFilter class

**Expected Behavior**

In version 6.0, the default `CsrfTokenRequestHandler` of the `CsrfFilter` class has changed to `XorCsrfTokenRequestAttributeHandler` and the javadoc of the `setRequestHandler` method should reflect this change.

**Current Behavior**

The javadoc of the `setRequestHandler` method still says that the default is the `CsrfTokenRequestAttributeHandler`.

Although `XorCsrfTokenRequestAttributeHandler` is a subclass of `CsrfTokenRequestAttributeHandler`, the behavior is quite different.

**Context**

[In this line](https://github.com/spring-projects/spring-security/blob/6.0.1/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java#L90), the `requestHandler` is initialized with a `XorCsrfTokenRequestAttributeHandler` instance.

And [in this line](https://github.com/spring-projects/spring-security/blob/6.0.1/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java#L173) the javadoc inform the default `CsrfTokenRequestHandler`.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Inaccurate javadoc text in setRequestHandler method of CsrfFilter class #12464

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Inaccurate javadoc text in setRequestHandler method of CsrfFilter class #12464

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions