PATCH Method인 경우에도 url을 csrf 에 추가

This commit is contained in:
김율태
2025-02-05 17:50:07 +09:00
parent 387bc00671
commit 47b5081839
@@ -1,10 +1,12 @@
package com.eactive.testmaster.api.controller;
import com.eactive.testmaster.api.entity.MockRoute;
import com.eactive.testmaster.api.service.MockRouteService;
import com.eactive.testmaster.config.CsrfExclusionService;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -13,6 +15,10 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
import com.eactive.testmaster.api.entity.MockRoute;
import com.eactive.testmaster.api.service.MockRouteService;
import com.eactive.testmaster.config.CsrfExclusionService;
@Component
public class MockApiHandlerMapping {
@@ -30,6 +36,9 @@ public class MockApiHandlerMapping {
@Autowired
private CsrfExclusionService csrfExclusionService;
/** PATCH 도 추가 */
final Set<String> csrfAllowedMethods = new HashSet<>(Arrays.asList("POST", "PUT", "PATCH"));
@PostConstruct
public void initialize() {
mockRouteService.initAllRoutes();
@@ -46,7 +55,8 @@ public class MockApiHandlerMapping {
try {
requestMappingHandlerMapping.registerMapping(mappingInfo, mockApiController, MockApiController.class.getDeclaredMethod("handleRequest", HttpServletRequest.class));
if (mockRoute.getMethod().equalsIgnoreCase("POST") || mockRoute.getMethod().equalsIgnoreCase("PUT")) {
if (csrfAllowedMethods.contains(mockRoute.getMethod().toUpperCase())) {
csrfExclusionService.addExcludedPath(mockRoute.getPathPattern());
}
logger.info("Registered mapping for {} {}", mockRoute.getMethod(), mockRoute.getPathPattern());