Allow maximum age of csrf cookie to be configured
Allows maxAge of the generated cookie by CookieCsrfTokenRepository to be configurable. Prior to this commit, maximum age was set with a value of -1. After this commit, it will be configured by the user with an either positive or negative value. If the user does not provide a value, it will be set -1. An IllegalArgumentException will be thrown when this value is set to zero. Closes gh-9195
This commit is contained in:
@@ -190,6 +190,16 @@ public class CookieCsrfTokenRepositoryTests {
|
||||
assertThat(tokenCookie.getDomain()).isEqualTo(domainName);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void saveTokenWithCookieMaxAge() {
|
||||
int maxAge = 1200;
|
||||
this.repository.setCookieMaxAge(maxAge);
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
assertThat(tokenCookie.getMaxAge()).isEqualTo(maxAge);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadTokenNoCookiesNull() {
|
||||
assertThat(this.repository.loadToken(this.request)).isNull();
|
||||
@@ -251,4 +261,9 @@ public class CookieCsrfTokenRepositoryTests {
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setHeaderName(null));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void setCookieMaxAgeZeroIllegalArgumentException() {
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setCookieMaxAge(0));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user