fix: CSRF保護を有効化

This commit is contained in:
usbharu 2023-09-26 12:55:48 +09:00
parent 5c1ef939d8
commit c916897874
1 changed files with 3 additions and 1 deletions


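--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -72,6 +72,9 @@ class SecurityConfig {
 builder.pattern("/error"),
 builder.pattern("/nodeinfo/2.0")
 ).permitAll()
+it.requestMatchers(
+builder.pattern("/auth/**")
+).anonymous()
 it.requestMatchers(builder.pattern("/change-password")).authenticated()
 it.requestMatchers(builder.pattern("/api/v1/accounts/verify_credentials"))
 .hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts")
@@ -84,7 +87,6 @@ class SecurityConfig {
 .passwordManagement { }
 .formLogin(Customizer.withDefaults())
 .csrf {
-it.ignoringRequestMatchers(builder.pattern("/api/**"))
 it.ignoringRequestMatchers(builder.pattern("/users/*/inbox"))
 it.ignoringRequestMatchers(builder.pattern("/inbox"))
 it.ignoringRequestMatchers(PathRequest.toH2Console())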
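Review bot: The `/auth/**` rule added in the first hunk uses `.anonymous()`, which in Spring Security authorizes only unauthenticated principals, so a signed-in user requesting anything under `/auth/**` is denied with 403 rather than let through; if the intent is "reachable without login" the rule should read `).permitAll()`, and if rejecting signed-in users is deliberate it deserves a comment such as `// anonymous(): authenticated users are intentionally rejected here`. In the second hunk, removing the `/api/**` exemption puts every non-GET `/api/**` request under the CsrfFilter; the `SCOPE_read` authority checks visible above suggest bearer-token clients use these paths, so please confirm those clients are not now rejected for lacking a CSRF token, and that the remaining inbox and H2-console exemptions are still intended (the H2 console one is normally restricted to development profiles). The enclosing filter-chain method starts and ends outside both hunks.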