PATCH Method인 경우에도 url을 csrf 에 추가
This commit is contained in:
@@ -1,10 +1,12 @@
|
||||
package com.eactive.testmaster.api.controller;
|
||||
|
||||
import com.eactive.testmaster.api.entity.MockRoute;
|
||||
import com.eactive.testmaster.api.service.MockRouteService;
|
||||
import com.eactive.testmaster.config.CsrfExclusionService;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -13,6 +15,10 @@ import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
|
||||
|
||||
import com.eactive.testmaster.api.entity.MockRoute;
|
||||
import com.eactive.testmaster.api.service.MockRouteService;
|
||||
import com.eactive.testmaster.config.CsrfExclusionService;
|
||||
|
||||
@Component
|
||||
public class MockApiHandlerMapping {
|
||||
|
||||
@@ -30,6 +36,9 @@ public class MockApiHandlerMapping {
|
||||
@Autowired
|
||||
private CsrfExclusionService csrfExclusionService;
|
||||
|
||||
/** PATCH 도 추가 */
|
||||
final Set<String> csrfAllowedMethods = new HashSet<>(Arrays.asList("POST", "PUT", "PATCH"));
|
||||
|
||||
@PostConstruct
|
||||
public void initialize() {
|
||||
mockRouteService.initAllRoutes();
|
||||
@@ -46,7 +55,8 @@ public class MockApiHandlerMapping {
|
||||
|
||||
try {
|
||||
requestMappingHandlerMapping.registerMapping(mappingInfo, mockApiController, MockApiController.class.getDeclaredMethod("handleRequest", HttpServletRequest.class));
|
||||
if (mockRoute.getMethod().equalsIgnoreCase("POST") || mockRoute.getMethod().equalsIgnoreCase("PUT")) {
|
||||
|
||||
if (csrfAllowedMethods.contains(mockRoute.getMethod().toUpperCase())) {
|
||||
csrfExclusionService.addExcludedPath(mockRoute.getPathPattern());
|
||||
}
|
||||
logger.info("Registered mapping for {} {}", mockRoute.getMethod(), mockRoute.getPathPattern());
|
||||
|
||||
Reference in New Issue
Block a user