Enable CSRF protection by default

See gh-11758
This commit is contained in:
Madhura Bhave
2018-02-16 14:43:50 -08:00
parent 85f45adb9a
commit 4e61136948
3 changed files with 10 additions and 3 deletions

View File

@@ -447,7 +447,7 @@ content into your application; rather pick only the properties that you need.
security.basic.enabled=true # Enable basic authentication.
security.basic.path=/** # Comma-separated list of paths to secure.
security.basic.realm=Spring # HTTP basic realm name.
security.enable-csrf=false # Enable Cross Site Request Forgery support.
security.enable-csrf=true # Enable Cross Site Request Forgery support.
security.filter-order=0 # Security filter chain order.
security.filter-dispatcher-types=ASYNC, FORWARD, INCLUDE, REQUEST # Security filter chain dispatcher types.
security.headers.cache=true # Enable cache control HTTP headers.