New `/api/security/csrf` endpoint & updated CSRF docs

Open tdonohue opened this issue 1 year ago • 1 comments

Documentation for the new GET /api/security/csrf endpoint added by https://github.com/DSpace/DSpace/pull/9321

  • In that PR, this endpoint is currently only necessary for ITs related to CSRF tokens because Spring Security 6 doesn't support cookie-based CSRF creation in its integration test tools.
  • It also is used to fix https://github.com/DSpace/DSpace/issues/9236 (see https://github.com/DSpace/dspace-angular/pull/2886 and https://github.com/DSpace/dspace-angular/pull/2897)

Adding more details to the documentation on CSRF Token behavior, by including details on how the User Interface interacts with the REST API with regard to CSRF tokens.

tdonohue, Mar 22 '24 20:03

Assigning to @abollini for feedback on this Contract & also whether we should backport this to 7.x as this endpoint (along with minor changes to the Angular UI) fixes this bug https://github.com/DSpace/DSpace/issues/9236 (and that bug also impacts 7.x)

tdonohue, Apr 18 '24 15:04

Merging to main. I've also added the port to dspace-7_x flag as this fix should be ported to 7.x (along with the implementation code -- I'll create PRs for those as well.)

tdonohue, May 16 '24 15:05

Successfully created backport PR for dspace-7_x:

  • #269

dspace-bot, May 16 '24 15:05