Skip to content

Optimized login form in security sample - delegated CSRF token creation to thymeleaf #1039

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Optimized login form in security sample - delegated CSRF token creation to thymeleaf #1039

wants to merge 1 commit into from
+4 −6

Conversation

jgayoso
Copy link
Contributor

@jgayoso jgayoso commented Jun 5, 2014

@philwebb philwebb changed the title Optimized login form - delegated CSRF token creation to thymeleaf Optimized login form in security sample - delegated CSRF token creation to thymeleaf Jun 5, 2014
@dsyer
Copy link
Member

dsyer commented Jun 6, 2014

Thanks! I didn't know about that feature in thymeleaf. Can you confirm you filled out the contributor's agreement (link in README)?

@jgayoso
Copy link
Contributor Author

jgayoso commented Jun 6, 2014

I've filled out the contributor's agreement.

@philwebb philwebb added this to the 1.1.0 milestone Jun 6, 2014
@qiuzhanghua
Copy link

@jgayoso I try CSRF feature, it is cool and works for login.
but for every post, I should have

in the form.
am I right?
how to avoid this, thanks

@lynx-r
Copy link

lynx-r commented Jun 8, 2014

+1

@jgayoso
Copy link
Contributor Author

jgayoso commented Jun 9, 2014

No, you shouldn't have those attributes. Thymeleaf will add hidden form fields depending on Spring configuration. In this case, the csrf parameter will depend on Spring Security configuration.

@dsyer dsyer closed this in b7d94d1 Jun 9, 2014
maciejwalkowiak pushed a commit to maciejwalkowiak/spring-boot that referenced this pull request Jun 9, 2014
@jgayoso @maciejwalkowiak
Optimized login form - delegated CSRF token creation to thymeleaf
4a1ad31 
Also added additional test to verify behaviour.

Fixes spring-projectsgh-1039
@philwebb philwebb removed the backlog label Jun 9, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.1.0
Development

Successfully merging this pull request may close these issues.
5 participants
@jgayoso @dsyer @qiuzhanghua @lynx-r @philwebb