You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create a Grails web application and add Spring Security Web as a dependency
Configure CSRF protection in resources.groovy:
requestDataValueProcessor(org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor)
csrfFilter(org.springframework.security.web.csrf.CsrfFilter, new org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository())
Create a GSP file containing a g:form element
Expected Behaviour
I expect that the CSRF token is added to the form.
Actual Behaviour
It isn't added.
Environment Information
Operating System: Linux
Grails Version: 2.5.1 (the relevant code did not change since then however)
Steps to Reproduce
Expected Behaviour
I expect that the CSRF token is added to the form.
Actual Behaviour
It isn't added.
Environment Information
-
I think the problem is
grails-gsp/grails-plugin-gsp/src/main/groovy/org/grails/plugins/web/taglib/FormTagLib.groovy
Line 395 in af8bfeb
Here the method of the form should be passed, not the method used to request the page containing the form.
See also the documentaton for the RequestDataValueProcessor interface.
The text was updated successfully, but these errors were encountered: