- Improvement
- Resolution: Fixed
- Neutral
- 6.2.11
Magnolia logs CSRF attack warnings for some Vaadin requests once a session expires:
2021-08-17 09:18:45,517 WARN info.magnolia.cms.security.CsrfTokenSecurityFilter: Possible CSRF Attack. CSRF token not set while user 'anonymous' attempted to access url '/.magnolia/admincentral/HEARTBEAT/'.
2021-08-17 09:18:58,069 WARN info.magnolia.cms.security.CsrfTokenSecurityFilter: Possible CSRF Attack. CSRF token not set while user 'anonymous' attempted to access url '/.magnolia/admincentral/UIDL/'.
Since Vaadin comes with its own CSRF protection mechanisms, we can bypass our CSRF token check for these URLs.
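An added example, not part of the ticket or of Magnolia's code: a log triage script that separates the session-expiry pattern shown above from other CsrfTokenSecurityFilter warnings, so the remaining ones can be reviewed. The third sample line, the verdict labels, and the rule that only the 'anonymous' user on the two exact Vaadin paths counts as noise are assumptions.

```python
import re
from collections import Counter

# Sample input: the two warnings quoted in the ticket plus one constructed
# line (hypothetical user and URL) that should not be treated as noise.
SAMPLE_LOG = """\
2021-08-17 09:18:45,517 WARN info.magnolia.cms.security.CsrfTokenSecurityFilter: Possible CSRF Attack. CSRF token not set while user 'anonymous' attempted to access url '/.magnolia/admincentral/HEARTBEAT/'.
2021-08-17 09:18:58,069 WARN info.magnolia.cms.security.CsrfTokenSecurityFilter: Possible CSRF Attack. CSRF token not set while user 'anonymous' attempted to access url '/.magnolia/admincentral/UIDL/'.
2021-08-17 09:21:03,410 WARN info.magnolia.cms.security.CsrfTokenSecurityFilter: Possible CSRF Attack. CSRF token not set while user 'editor1' attempted to access url '/.magnolia/example/save'.
"""

WARNING = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) WARN "
    r"info\.magnolia\.cms\.security\.CsrfTokenSecurityFilter: "
    r"Possible CSRF Attack\. CSRF token not set while user '(?P<user>[^']*)' "
    r"attempted to access url '(?P<url>[^']*)'\.$"
)

# Exact paths from the ticket; anything else is left for a human to look at.
VAADIN_PATHS = {"/.magnolia/admincentral/HEARTBEAT/", "/.magnolia/admincentral/UIDL/"}


def classify(line):
    """Return a record for a CSRF warning line, or None for any other line."""
    m = WARNING.match(line.strip())
    if m is None:
        return None
    path = m["url"].split("?", 1)[0]  # ignore a query string if one is logged
    # Assumption: an expired session shows up as user 'anonymous'. A named
    # user without a token on the same path is not the pattern in the ticket.
    noise = m["user"] == "anonymous" and path in VAADIN_PATHS
    verdict = "session-expiry-noise" if noise else "review"
    return {"ts": m["ts"], "user": m["user"], "url": m["url"], "verdict": verdict}


def triage(log_text):
    """Classify every CSRF warning in a log; other lines are skipped."""
    records = (classify(line) for line in log_text.splitlines())
    return [r for r in records if r is not None]


def summarize(records):
    """Count warnings per (verdict, url) for a quick overview."""
    return Counter((r["verdict"], r["url"]) for r in records)


if __name__ == "__main__":
    for (verdict, url), count in sorted(summarize(triage(SAMPLE_LOG)).items()):
        print(f"{count:3d}  {verdict:22s} {url}")
```
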
Acceptance criteria