Skip to content

Remove LazyCsrfTokenRepository #13196

New issue
New issue
Open
Listed in
#13068
Open
Remove LazyCsrfTokenRepository#13196
Listed in
#13068
Labels
in: webAn issue in web modules (web, webmvc)type: breaks-passivityA change that breaks passivity with the previous releasetype: enhancementA general enhancement
@jzheaux

Description

@jzheaux
jzheaux
opened on May 18, 2023
Contributor

As LazyCsrfTokenRepository is deprecated, it can now be removed.

Note that a number of components use setAttribute(HttpServletResponse.class.getName(), response) to store the response for later use by LazyCsrfTokenRepository. This ticket should also remove those references.

Activity

jzheaux
added
status: waiting-for-triageAn issue we've not yet triaged
type: enhancementA general enhancement
in: webAn issue in web modules (web, webmvc)
type: breaks-passivityA change that breaks passivity with the previous release
and removed
status: waiting-for-triageAn issue we've not yet triaged
on May 18, 2023
jzheaux
mentioned this on May 18, 2023
jzheaux
mentioned this on Jun 22, 2023
ASDasd341

ASDasd341 commented on Aug 5, 2023

@ASDasd341
ASDasd341
on Aug 5, 2023

in place of LazyCsrfTokenRepository you can use CookieCsrfTokenRepository, itprovides a more secure and efficient way to manage CSRF tokens in Spring Security.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    in: webAn issue in web modules (web, webmvc)type: breaks-passivityA change that breaks passivity with the previous releasetype: enhancementA general enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @jzheaux@ASDasd341

        Issue actions
          Remove LazyCsrfTokenRepository · Issue #13196 · spring-projects/spring-security