Remove Servlet Spec 2.5 and 3.0 Support for CSRF #6262

jzheaux · 2018-12-07T18:17:17Z

Related to #6220

The CookieCsrfTokenRepository attempts to use the setHttpOnly method only if that method is available in javax.servlet.http.Cookie.

Since Spring Framework 5.0 has a Servlet Spec baseline of 3.1, this check is no longer necessary.

We should always use the setHttpOnly method and remove any corresponding Servlet 2.5 or 3.0 tests.

The text was updated successfully, but these errors were encountered:

Fixes: spring-projectsgh-6263, Fixes: spring-projectsgh-6262

Fixes: gh-6263, Fixes: gh-6262

jzheaux added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement labels Dec 7, 2018

jzheaux added this to the 5.2.0.M1 milestone Dec 7, 2018

jzheaux mentioned this issue Dec 7, 2018

Remove Servlet Spec 2.5 and 3.0 support #6220

Closed

7 tasks

jzheaux changed the title ~~Remove Servlet Spec 2.5 Support for CSRF~~ Remove Servlet Spec 2.5 and 3.0 Support for CSRF Dec 7, 2018

jzheaux mentioned this issue Dec 12, 2018

Remove Servlet 2.5 and 3.0 Support for Remember Me and CSRF #6278

Merged

dongmyo added a commit to dongmyo/spring-security-1 that referenced this issue Dec 14, 2018

Remove Servlet 2.5 and 3.0 Support for Remember Me and CSRF

877ed41

Fixes: spring-projectsgh-6263, Fixes: spring-projectsgh-6262

jzheaux closed this as completed in #6278 Dec 14, 2018

jzheaux pushed a commit that referenced this issue Dec 14, 2018

Remove Servlet 2.5 and 3.0 Support for Remember Me and CSRF

fc802e1

Fixes: gh-6263, Fixes: gh-6262

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Remove Servlet Spec 2.5 and 3.0 Support for CSRF #6262

Remove Servlet Spec 2.5 and 3.0 Support for CSRF #6262

jzheaux commented Dec 7, 2018

Remove Servlet Spec 2.5 and 3.0 Support for CSRF #6262

Remove Servlet Spec 2.5 and 3.0 Support for CSRF #6262

Comments

jzheaux commented Dec 7, 2018