Skip to content

Default to XorCsrfChannelInterceptor in XML configuration #17323

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Default to XorCsrfChannelInterceptor in XML configuration #17323

wants to merge 1 commit into from

Conversation

msqr
Copy link

@msqr msqr commented Jun 20, 2025

Change WebSocketMessageBrokerSecurityBeanDefinitionParser to use XorCsrfChannelInterceptor by default, so WebSocket XML configuration matches the default Xor-based configuration already in WebSocketMessageBrokerSecurityConfiguration.

Issue gh-17260

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jun 20, 2025
@msqr msqr mentioned this pull request Jun 20, 2025
Open
@jzheaux jzheaux self-assigned this Jul 3, 2025
@jzheaux jzheaux added in: config An issue in spring-security-config type: enhancement A general enhancement type: breaks-passivity A change that breaks passivity with the previous release and removed status: waiting-for-triage An issue we've not yet triaged labels Jul 3, 2025
@jzheaux jzheaux added this to the 7.0.0-M1 milestone Jul 3, 2025
@jzheaux
Copy link
Contributor

jzheaux commented Jul 3, 2025

@msqr, thanks for the PR. I'm seeing some errors in the build that appear unrelated to your PR; however, I'm having trouble rebasing your PR to the latest.

Will you please pull the latest main, rebase your branch, and force push the PR? We'll see if it builds cleanly after that.

@jzheaux jzheaux added the status: waiting-for-feedback We need additional information before we can continue label Jul 3, 2025
@msqr
Default to XorCsrfChannelInterceptor in XML configuration
8e7101d 
Change WebSocketMessageBrokerSecurityBeanDefinitionParser to use
XorCsrfChannelInterceptor by default, so WebSocket XML configuration
matches the default Xor-based configuration already in
WebSocketMessageBrokerSecurityConfiguration.

Issue spring-projectsgh-17260

Signed-off-by: Matt Magoffin <[email protected]>
@msqr msqr force-pushed the feature/websocket-xml-config-xor-csrf branch from 8aa15bb to 8e7101d Compare July 4, 2025 22:40
@msqr
Copy link
Author

msqr commented Jul 4, 2025

Sure thing @jzheaux I've done that now. It built and all tests ran successfully for me locally after the rebase.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Jul 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jzheaux jzheaux

Labels
in: config An issue in spring-security-config status: feedback-provided Feedback has been provided type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
Projects
None yet
Milestone
7.0.0-M1
Development

Successfully merging this pull request may close these issues.
3 participants
@msqr @jzheaux @spring-projects-issues