Magnolia / MAGNOLIA-9080

Duplicate CSRF cookies after server side forward


    • Improvement
    • Resolution: Unresolved
    • Neutral
    • 6.3.0
    • 6.3.0, 6.2.38
    • core
    • None

      After a server side forward the CsrfCookieTokenFilter runs a second time and causes a second CSRF cookie to be set.

      Reproducer

       curl -vv 'http://localhost:8080/magnoliaPublic/travel/tours/magnolia-travels/Hut-to-Hut-in-the-Swiss-Alps.html' 2>&1 | grep Set-Cookie

      Implementation note

      • CsrfTokenFilterBase extends OncePerRequestAbstractMgnlFilter would ensure the filter is not executed after a server side redirect.
      • Trying to come up with a UT for this I concluded this would need mocking of too many parts to make the whole machinery work. We should look into covering this with an IT in CE instead.
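
      A check for the symptom shown by the reproducer, as an added example (not Magnolia code): the function reads response headers, including curl -v output, and reports every cookie name that is set more than once. The sample headers and the cookie name csrf are constructed placeholders.

```shell
#!/bin/sh
# Added example: report cookie names that occur in more than one
# Set-Cookie header. Reads raw response headers (or `curl -v` output,
# where header lines carry a "< " prefix) on stdin.
# Output: one "<cookie-name> <count>" line per duplicated name.
duplicate_cookies() {
    tr -d '\r' |
    awk '
        # curl -v prefixes received header lines with "< ".
        { sub(/^< /, "") }
        # Header names are case-insensitive.
        tolower($0) ~ /^set-cookie:/ {
            line = $0
            sub(/^[^:]*:[ \t]*/, "", line)   # drop the header name
            sub(/=.*/, "", line)              # keep only the cookie name
            count[line]++
        }
        END {
            for (name in count)
                if (count[name] > 1)
                    print name, count[name]
        }
    ' | sort
}

# Constructed sample response: the cookie name "csrf" and all values are
# placeholders standing in for what the reproducer returns.
sample_headers() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Set-Cookie: JSESSIONID=AAAA; Path=/magnoliaPublic; HttpOnly' \
        'Set-Cookie: csrf=token-one; Path=/magnoliaPublic; HttpOnly' \
        'Set-Cookie: csrf=token-two; Path=/magnoliaPublic; HttpOnly' \
        'Content-Type: text/html;charset=UTF-8'
}

# Demo on the constructed sample; prints "csrf 2".
sample_headers | duplicate_cookies
```

      Piping the reproducer's curl output (without the grep) into duplicate_cookies gives an empty result once each cookie is set only once per response.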


              mduerig Michael Duerig
              Foundation