Merge pull request #29 from SmartPotTech/alert-autofix-5

SebastianLopezO · web-flow · commit 72e859d3aba4 · 2025-07-02T10:20:51.000-05:00
Potential fix for code scanning alert no. 5: Disabled Spring CSRF protection
diff --git a/src/main/java/smartpot/com/api/Security/Config/SecurityConfiguration.java b/src/main/java/smartpot/com/api/Security/Config/SecurityConfiguration.java
@@ -59,7 +59,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSec) throws Exce
         }
 
         return httpSec
-                .csrf(AbstractHttpConfigurer::disable)
+                .csrf(Customizer.withDefaults()) // Enable CSRF protection
                 .cors(c -> c.configurationSource(corsConfig))
                 .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
                     authorizationManagerRequestMatcherRegistry.requestMatchers(publicRoutesList.toArray(new String[0])).permitAll();

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSec) throws Exce`
`59`	`59`	`}`
`60`	`60`
`61`	`61`	`return httpSec`
`62`		`- .csrf(AbstractHttpConfigurer::disable)`
	`62`	`+ .csrf(Customizer.withDefaults()) // Enable CSRF protection`
`63`	`63`	`.cors(c -> c.configurationSource(corsConfig))`
`64`	`64`	`.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {`
`65`	`65`	`authorizationManagerRequestMatcherRegistry.requestMatchers(publicRoutesList.toArray(new String[0])).permitAll();`