Skip to content

Remove Servlet Spec 2.5 and 3.0 Support for CSRF #6262

New issue
New issue
Closed
#6278
Closed
Remove Servlet Spec 2.5 and 3.0 Support for CSRF#6262
#6278
Labels
in: webAn issue in web modules (web, webmvc)type: enhancementA general enhancement
Milestone
5.2.0.M1
@jzheaux

Description

@jzheaux
jzheaux
opened on Dec 7, 2018

Related to #6220

The CookieCsrfTokenRepository attempts to use the setHttpOnly method only if that method is available in javax.servlet.http.Cookie.

Since Spring Framework 5.0 has a Servlet Spec baseline of 3.1, this check is no longer necessary.

We should always use the setHttpOnly method and remove any corresponding Servlet 2.5 or 3.0 tests.

Metadata

Metadata

Assignees

No one assigned

    Labels

    in: webAn issue in web modules (web, webmvc)type: enhancementA general enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions