Reverse content type check

When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
Closes gh-11205
This commit is contained in:
Zhivko Delchev
2022-05-13 02:24:59 +03:00
committed by Rob Winch
parent 6c3f53ac0a
commit d882bfcf2b
2 changed files with 12 additions and 1 deletions

View File

@@ -189,6 +189,17 @@ public class CsrfWebFilterTests {
.expectStatus().is2xxSuccessful();
}
@Test
public void filterWhenPostAndMultipartFormDataEnabledAndNoBodyProvided() {
this.csrfFilter.setCsrfTokenRepository(this.repository);
this.csrfFilter.setTokenFromMultipartDataEnabled(true);
given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
client.post().uri("/").header(this.token.getHeaderName(), this.token.getToken()).exchange().expectStatus()
.is2xxSuccessful();
}
@Test
public void filterWhenFormDataAndEnabledThenGranted() {
this.csrfFilter.setCsrfTokenRepository(this.repository);