Reverse content type check
When MultipartFormData is enabled currently the CsrfWebFilter compares the content-type header against MULTIPART_FORM_DATA MediaType which leads to NullPointerExecption when there is no content-type header. This commit reverse the check to compare the MULTIPART_FORM_DATA MediaType against the content-type which contains null check and avoids the exception. closes gh-11204 Closes gh-11205
This commit is contained in:
committed by
Rob Winch
parent
6c3f53ac0a
commit
d882bfcf2b
@@ -189,6 +189,17 @@ public class CsrfWebFilterTests {
|
||||
.expectStatus().is2xxSuccessful();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterWhenPostAndMultipartFormDataEnabledAndNoBodyProvided() {
|
||||
this.csrfFilter.setCsrfTokenRepository(this.repository);
|
||||
this.csrfFilter.setTokenFromMultipartDataEnabled(true);
|
||||
given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
|
||||
given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
|
||||
WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
|
||||
client.post().uri("/").header(this.token.getHeaderName(), this.token.getToken()).exchange().expectStatus()
|
||||
.is2xxSuccessful();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterWhenFormDataAndEnabledThenGranted() {
|
||||
this.csrfFilter.setCsrfTokenRepository(this.repository);
|
||||
|
||||
Reference in New Issue
Block a user