~jan0sch/smederee

Showing details for patch af88f0f2564fe6f0e63d2383dbc0104bb6f1f951.
2024-02-10 (Sat), 9:59 AM - Jens Grassel - af88f0f2564fe6f0e63d2383dbc0104bb6f1f951

Hub: Code cleanup

- rephrase documentation for CSRF protection on failure handler to reflect
  correct behaviour

Summary of changes
1 file modified with 2 lines added and 5 lines removed
  • modules/hub/src/main/scala/de/smederee/hub/HubServer.scala with 2 added and 5 removed lines
diff -rN -u old-smederee/modules/hub/src/main/scala/de/smederee/hub/HubServer.scala new-smederee/modules/hub/src/main/scala/de/smederee/hub/HubServer.scala
--- old-smederee/modules/hub/src/main/scala/de/smederee/hub/HubServer.scala	2025-01-12 21:53:26.392925141 +0000
+++ new-smederee/modules/hub/src/main/scala/de/smederee/hub/HubServer.scala	2025-01-12 21:53:26.392925141 +0000
@@ -444,11 +444,8 @@
                         NonEmptyList(hubConfiguration.service.external, List(ticketsConfiguration.externalUrl))
                     )
                     csrfBuilder = CSRF[IO, IO](csrfKey, csrfOriginCheck)
-                    /* The idea behind the `onFailure` part of the CSRF protection middleware is
-                     * that we simply remove the CSRF cookie and redirect the user to the frontpage.
-                     * This is done to avoid frustration for users after a server restart because
-                     * the CSRF secret key will change then and thus all requests are invalid.
-                     */
+                    // Present an error page to the user in case of CSRF check failure that recommends deleting the
+                    // cookies.
                     csrfMiddleware = csrfBuilder
                         .withCookieDomain(Option(hubConfiguration.service.external.host.toString))
                         .withCookieName(Constants.csrfCookieName.toString)
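Review bot: The two added comment lines lose both the name of the hook being documented and the reason a CSRF failure is expected in normal operation. The removed block named `onFailure` explicitly and explained that the CSRF secret key changes after a server restart, which invalidates every request carrying an old cookie. The new text only says an error page recommends deleting the cookies. The `onFailure` call itself is not in the visible context, and the comment now sits above `csrfMiddleware = csrfBuilder`, so a reader cannot tell which builder step it refers to. Suggest naming `onFailure` in the comment (or moving the comment directly above that call) and, if the key is still regenerated on restart, keeping one sentence about it so that a spike of CSRF failures after a deploy is recognisable as stale cookies rather than as forged requests. It would also help to state in the commit message whether the handler ever removed the cookie and redirected as the old comment claimed, since "reflect correct behaviour" does not say which part of the old description was wrong.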