hdygxsj opened a new pull request, #13235: URL: https://github.com/apache/dolphinscheduler/pull/13235
## Purpose of the pull request

close #12931

In contrast to pr #13164, which is a csrf defense implemented through spring security, all requests will go through the csrfFilter and load the token in the cookie to compare to the token in the header or parameter.

## Brief change log

* spring security dependencies were introduced
* Added a class LoginCsrfTokenRepository that implements CsrfTokenRepository
* Changed the login api. Upon login, the csrf token is generated through LoginCsrfTokenRepository and returned to the front-end
* The front end saves the csrf token returned by the login request to pinia.
* Whenever the front-end makes an http request, load the csrf token from pinia and place it on the X-XSRF-TOKEN of the http request header

## Verify this pull request

All api test cases are modified to ensure that they pass csrf validation
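
The cookie-versus-header comparison the description outlines, as an added example that is not code from the pull request or from DolphinScheduler. It is plain Java with no Spring dependency; only the `X-XSRF-TOKEN` header name comes from the description, while the cookie name `XSRF-TOKEN`, the parameter name `_csrf`, the exempt-method set and the `Request` record are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Set;

public class CsrfCheckDemo {
    // X-XSRF-TOKEN is named in the PR description; the cookie and
    // parameter names below are assumptions made for this example.
    static final String HEADER = "X-XSRF-TOKEN";
    static final String COOKIE = "XSRF-TOKEN";
    static final String PARAM = "_csrf";
    // Assumption: read-only methods are exempt from the check.
    static final Set<String> EXEMPT = Set.of("GET", "HEAD", "OPTIONS", "TRACE");

    // Hypothetical stand-in for the servlet request.
    record Request(String method, Map<String, String> cookies,
                   Map<String, String> headers, Map<String, String> params) {}

    // Token issued at login: 256 bits from a CSPRNG, URL-safe encoding.
    static String newToken() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    static boolean allowed(Request r) {
        if (EXEMPT.contains(r.method())) return true;
        String expected = r.cookies().get(COOKIE);
        // Header first, then request parameter.
        String actual = r.headers().get(HEADER);
        if (actual == null) actual = r.params().get(PARAM);
        if (expected == null || actual == null) return false; // fail closed
        // Constant-time comparison, so timing does not leak matching prefixes.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     actual.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String token = newToken(); // constructed sample input
        Map<String, String> cookie = Map.of(COOKIE, token);
        Map<String, String> none = Map.of();
        System.out.println("header matches:  " + allowed(new Request("POST", cookie, Map.of(HEADER, token), none)));
        System.out.println("param matches:   " + allowed(new Request("POST", cookie, none, Map.of(PARAM, token))));
        System.out.println("cookie only:     " + allowed(new Request("POST", cookie, none, none)));
        System.out.println("wrong header:    " + allowed(new Request("POST", cookie, Map.of(HEADER, newToken()), none)));
    }
}
```

The "cookie only" case is the cross-site request: the browser attaches the cookie automatically, but a foreign origin cannot read it to fill in the header.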
