usbharu
/
Hideout
mirror of https://github.com/usbharu/Hideout.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

fix: CSRF保護を有効化

This commit is contained in:
usbharu 2023-09-26 12:55:48 +09:00
parent 60e189a596
commit 175e43830d
Signed by: usbharu
GPG Key ID: 6556747BF94EEBC8
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt
View File

@ -72,6 +72,9 @@ class SecurityConfig {
builder.pattern("/error"),
builder.pattern("/nodeinfo/2.0")
).permitAll()
it.requestMatchers(
builder.pattern("/auth/**")
).anonymous()
it.requestMatchers(builder.pattern("/change-password")).authenticated()
it.requestMatchers(builder.pattern("/api/v1/accounts/verify_credentials"))
.hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts")
@ -84,7 +87,6 @@ class SecurityConfig {
.passwordManagement { }
.formLogin(Customizer.withDefaults())
.csrf {
it.ignoringRequestMatchers(builder.pattern("/api/**"))
it.ignoringRequestMatchers(builder.pattern("/users/*/inbox"))
it.ignoringRequestMatchers(builder.pattern("/inbox"))
it.ignoringRequestMatchers(PathRequest.toH2Console())