askask opened a new issue, #14260:
URL: https://github.com/apache/grails-core/issues/14260
### Steps to Reproduce
1. Create a Grails web application and add Spring Security Web as a
dependency
2. Configure CSRF protection in resources.groovy:
```
requestDataValueProcessor(org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor)
csrfFilter(org.springframework.security.web.csrf.CsrfFilter, new
org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository())
```
3. Create a GSP file containing a g:form element
### Expected Behaviour
I expect that the CSRF token is added to the form.
### Actual Behaviour
It isn't added.
### Environment Information
- **Operating System**: Linux
- **Grails Version:** 2.5.1 (the relevant code did not change since then
however)
- **JDK Version:** 8
- **Container Version (If Applicable):** 2.5
### -
I think the problem is
https://github.com/grails/grails-gsp/blob/af8bfebd63936fe29ef7abe833386b0ed00e01f3/grails-plugin-gsp/src/main/groovy/org/grails/plugins/web/taglib/FormTagLib.groovy#L395
Here the method of the form should be passed, not the method used to request
the page containing the form.
See also the [documentaton for the RequestDataValueProcessor
interface](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/servlet/support/RequestDataValueProcessor.html).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
