Skip to content

Commit

Permalink
Fix obsolete csrf extension name and configuration in security-csrf-p…
Browse files Browse the repository at this point in the history 
…revention.adoc
  • Loading branch information
@ksdev-pl
ksdev-pl authored Aug 17, 2024
1 parent d42baa5 commit 0bb5206
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions docs/src/main/asciidoc/security-csrf-prevention.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ https://github.com/quarkusio/quarkus/tree/main/docs/src/main/asciidoc
include::_attributes.adoc[]
:categories: security
:topics: security,csrf,http
:extensions: io.quarkus:quarkus-csrf-reactive
:extensions: io.quarkus:quarkus-rest-csrf

https://owasp.org/www-community/attacks/csrf[Cross-Site Request Forgery (CSRF)] is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.

Expand All @@ -24,15 +24,15 @@ First, we need a new project.
Create a new project with the following command:

:create-app-artifact-id: security-csrf-prevention
:create-app-extensions: csrf-reactive
:create-app-extensions: rest-csrf
include::{includes}/devtools/create-app.adoc[]

This command generates a project which imports the `csrf-reactive` extension.
This command generates a project which imports the `rest-csrf` extension.

If you already have your Quarkus project configured, you can add the `csrf-reactive` extension
If you already have your Quarkus project configured, you can add the `rest-csrf` extension
to your project by running the following command in your project base directory:

:add-extension-extensions: csrf-reactive
:add-extension-extensions: rest-csrf
include::{includes}/devtools/extension-add.adoc[]

This will add the following to your build file:
Expand All @@ -42,14 +42,14 @@ This will add the following to your build file:
----
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-csrf-reactive</artifactId>
<artifactId>quarkus-rest-csrf</artifactId>
</dependency>
----

[source,gradle,role="secondary asciidoc-tabs-target-sync-gradle"]

Check warning on line 49 in docs/src/main/asciidoc/security-csrf-prevention.adoc

View workflow job for this annotation

GitHub Actions / Linting with Vale 

[vale] reported by reviewdog 🐶
[Quarkus.CaseSensitiveTerms] Use 'Gradle' rather than 'gradle'.

Raw Output:
{"message": "[Quarkus.CaseSensitiveTerms] Use 'Gradle' rather than 'gradle'.", "location": {"path": "docs/src/main/asciidoc/security-csrf-prevention.adoc", "range": {"start": {"line": 49, "column": 63}}}, "severity": "INFO"}
.build.gradle
----
implementation("io.quarkus:quarkus-csrf-reactive")
implementation("io.quarkus:quarkus-rest-csrf")
----

Next, let's add a `csrfToken.html` Qute template producing an HTML form in the `src/main/resources/templates` folder:
Expand Down

0 comments on commit 0bb5206

Please sign in to comment.