- Improvement
- Resolution: Unresolved
- Neutral
- 6.3.0, 6.2.38
- None
After a server-side forward, the CsrfCookieTokenFilter runs a second time and causes a second CSRF cookie to be set.
Reproducer
curl -vv 'http://localhost:8080/magnoliaPublic/travel/tours/magnolia-travels/Hut-to-Hut-in-the-Swiss-Alps.html' 2>&1 | grep Set-Cookie
Implementation note
- Having CsrfTokenFilterBase extend OncePerRequestAbstractMgnlFilter would ensure the filter is not executed after a server-side redirect.
- Trying to come up with a UT for this, I concluded it would need mocking of too many parts to make the whole machinery work. We should look into covering this with an IT in CE instead.
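A black-box regression check in the spirit of the integration test suggested above, as an added example that is not part of the original ticket or of Magnolia's code: it reads `curl -v` output like the reproducer's and reports every cookie name that a single response sets more than once. The cookie name `csrf` and both sample responses are constructed placeholders.

```shell
#!/bin/sh
# Reads HTTP response headers on stdin (curl -v style, "< " prefix optional),
# prints each cookie name that occurs in more than one Set-Cookie header,
# and returns 1 if any name repeats, 0 otherwise.
duplicate_cookies() {
    tr -d '\r' |
    sed -n 's/^\(< \)\{0,1\}[Ss]et-[Cc]ookie: *\([^=;]*\)=.*/\2/p' |
    sort | uniq -d |
    awk '{ print } END { exit (NR > 0) }'
}

# Constructed sample: the filter ran twice, so the (placeholder) csrf cookie
# is set twice with different values in the same response.
sample_duplicate() {
cat <<'EOF'
< HTTP/1.1 200
< Set-Cookie: JSESSIONID=AAAA; Path=/magnoliaPublic; HttpOnly
< Set-Cookie: csrf=token-one; Path=/; HttpOnly
< Set-Cookie: csrf=token-two; Path=/; HttpOnly
< Content-Type: text/html;charset=UTF-8
EOF
}

# Constructed sample: the expected behaviour, one Set-Cookie per cookie name.
sample_single() {
cat <<'EOF'
< HTTP/1.1 200
< Set-Cookie: JSESSIONID=AAAA; Path=/magnoliaPublic; HttpOnly
< Set-Cookie: csrf=token-one; Path=/; HttpOnly
< Content-Type: text/html;charset=UTF-8
EOF
}

# Usage against a running instance (URL is whatever page triggers the forward):
#   curl -sv "$URL" 2>&1 | duplicate_cookies || echo "duplicate cookie(s) set"
```

Because the check keys on cookie names rather than a fixed name, it also flags any other filter that writes its cookie twice during a forward.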
Acceptance criteria