From 8cb922a88dd8f21d6e8022472475c3fff1a73c14 Mon Sep 17 00:00:00 2001
From: Jan
Date: Sat, 25 Oct 2025 16:45:01 +0200
Subject: [PATCH] Updated properties and enhanced SecurityConfig
- Changed `server.forward-headers-strategy` to `native` in `application.properties`.
- Added exclusion for `/login/oauth2/code/**` in CSRF configuration.
---
 src/main/java/de/avatic/lcc/config/SecurityConfig.java | 2 ++
 src/main/resources/application.properties | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/main/java/de/avatic/lcc/config/SecurityConfig.java b/src/main/java/de/avatic/lcc/config/SecurityConfig.java
index 0f8af1f..88e209e 100644
--- a/src/main/java/de/avatic/lcc/config/SecurityConfig.java
+++ b/src/main/java/de/avatic/lcc/config/SecurityConfig.java
@@ -73,6 +73,7 @@ public class SecurityConfig {
 .jwtAuthenticationConverter(jwtAuthenticationConverter())
 )
 )
+
 .exceptionHandling(ex -> ex
 .defaultAuthenticationEntryPointFor(
 new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
@@ -82,6 +83,7 @@ public class SecurityConfig {
 .csrf(csrf -> csrf
 .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
 .csrfTokenRequestHandler(new LccCsrfTokenRequestHandler())
+ .ignoringRequestMatchers("/login/oauth2/code/**")
 )
 .addFilterAfter(new CsrfCookieFilter(), BasicAuthenticationFilter.class)
 .addFilterBefore(
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 5997858..681b6e9 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -23,4 +23,4 @@ spring.flyway.enabled=true
 spring.flyway.locations=classpath:db/migration
 spring.flyway.baseline-on-migrate=true
 spring.sql.init.mode=never
-server.forward-headers-strategy=framework
+server.forward-headers-strategy=native
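Review bot: The added `.ignoringRequestMatchers("/login/oauth2/code/**")` in the second SecurityConfig hunk carries no comment explaining why the callback is exempt, and the pattern is wider than the callback needs. Spring Security's CSRF filter already lets GET requests through, so the exemption only changes behaviour for state-changing methods (for example an identity provider replying with a form POST), and it does so for every sub-path below the prefix. I would narrow it to a single segment, `.ignoringRequestMatchers("/login/oauth2/code/*")`, and add `// IdP-initiated callback carries no CSRF token; the OAuth2 login filter validates the state parameter instead`. The visible lines show a JWT resource-server setup but no `oauth2Login` configuration, so confirm that a login filter really handles this path; the filter-chain method starts and ends outside the hunk.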
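Review bot: Nothing in the application.properties hunk says which proxies the embedded server should trust once `server.forward-headers-strategy=native` hands X-Forwarded-* handling over to it. If the application runs on embedded Tomcat (not visible here), forwarded headers are honoured only from peers matching `server.tomcat.remoteip.internal-proxies`, whose default covers private address ranges. Headers from a proxy outside that range are ignored, and redirect URLs such as the OAuth2 callback would then be built from the internal scheme and host. I would set that property explicitly, `server.tomcat.remoteip.internal-proxies=<regex for your proxy addresses>`, and put `# native: forwarded headers are accepted only from the proxies listed below` above the strategy line. Also confirm the proxy sends X-Forwarded-Proto/-For rather than only the RFC 7239 `Forwarded` header, which the Tomcat valve does not read.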