From e97b933e145abb52fead6ec1c9e438b1cbe82539 Mon Sep 17 00:00:00 2001
From: Mathias Holzer
Date: Mon, 15 May 2023 16:48:44 +0200
Subject: [PATCH] Fix security-csrf-prevention.adoc Fixed typo in mention of default value for token name; fixed missing parameter type and import in code example
(cherry picked from commit 37f7f5b9a2700f18ff29b34ce75fe48f6b74a051)
---
 docs/src/main/asciidoc/security-csrf-prevention.adoc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/src/main/asciidoc/security-csrf-prevention.adoc b/docs/src/main/asciidoc/security-csrf-prevention.adoc
index d7a0dcae5af0e1..47c639786baef1 100644
--- a/docs/src/main/asciidoc/security-csrf-prevention.adoc
+++ b/docs/src/main/asciidoc/security-csrf-prevention.adoc
@@ -120,7 +120,7 @@ public class UserNameResource {
 The form POST request will fail with HTTP status `400` if the filter finds the hidden CSRF form field is missing, the CSRF cookie is missing, or if the CSRF form field and CSRF cookie values do not match.
-At this stage no additional configuration is needed - by default the CSRF form field and cookie name will be set to `csrf_token`, and the filter will verify the token. But you can change these names if you would like:
+At this stage no additional configuration is needed - by default the CSRF form field and cookie name will be set to `csrf-token`, and the filter will verify the token. But you can change these names if you would like:
 [source,properties]
 ----
@@ -241,6 +241,7 @@ import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Cookie;
 import javax.ws.rs.core.MediaType;
 import io.quarkus.qute.Template;
@@ -263,7 +264,7 @@ public class UserNameResource {
 @Path("/csrfTokenForm")
 @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 @Produces(MediaType.TEXT_PLAIN)
- public String postCsrfTokenForm(@CookieParam("csrf-token") csrfCookie, @FormParam("csrf-token") String formCsrfToken, @FormParam("name") String userName) {
+ public String postCsrfTokenForm(@CookieParam("csrf-token") Cookie csrfCookie, @FormParam("csrf-token") String formCsrfToken, @FormParam("name") String userName) {
 if (!csrfCookie.getValue().equals(formCsrfToken)) { <1>
 throw new BadRequestException();
 }
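Review bot: The check `csrfCookie.getValue().equals(formCsrfToken)` under the corrected `postCsrfTokenForm` signature dereferences the cookie without a null check, and JAX-RS injects `null` for an absent `@CookieParam` of type `Cookie`, so a request sent without the `csrf-token` cookie would most likely fail with a NullPointerException (a 500) rather than the `BadRequestException` the example intends. Because readers copy this sample for manual token verification, the guard would be safer as `if (csrfCookie == null || formCsrfToken == null || !MessageDigest.isEqual(csrfCookie.getValue().getBytes(StandardCharsets.UTF_8), formCsrfToken.getBytes(StandardCharsets.UTF_8))) {`, which also makes the token comparison constant-time. That change needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` added to the example's import list, the one touched by the `@@ -241,6 +241,7 @@` hunk. The method body continues past the end of this hunk, so the rest of the handler is not visible here.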