This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 0bc6d80e5a6c34c26582ed2514d1567472ee2253
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue May 10 16:14:51 2022 +0100
Allow sub-class to decide if session being null is an issue or not
---
 java/org/apache/catalina/filters/CsrfPreventionFilter.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index c2d1c0ab3a..7be53ab8a1 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -120,7 +120,7 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase {
 HttpSession session = req.getSession(false);
- NonceCache<String> nonceCache = (session == null) ? null : getNonceCache(req, session);
+ NonceCache<String> nonceCache = getNonceCache(req, session);
 if (!skipNonceCheck(req)) {
 String previousNonce = req.getParameter(nonceRequestParameterName);
@@ -265,6 +265,9 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase {
 * and/or session
 */
 protected NonceCache<String> getNonceCache(HttpServletRequest request, HttpSession session) {
+ if (session == null) {
+ return null;
+ }
 @SuppressWarnings("unchecked")
 NonceCache<String> nonceCache = (NonceCache<String>) session.getAttribute(Constants.CSRF_NONCE_SESSION_ATTR_NAME);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
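Review bot: Existing overrides of `getNonceCache` were written when this call site guaranteed a non-null session, and from this line on they are invoked with `session == null` whenever the request has no session. An override that dereferences `session` without a guard would then throw, rather than the request going through whatever handling the filter applies to a missing nonce cache. The enclosing method continues outside the hunk, so how a null `nonceCache` is treated afterwards is not visible here. The contract change deserves a changelog entry and a short comment above the call, for example `// session may be null here; getNonceCache decides whether that is acceptable`.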
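Review bot: The Javadoc of `getNonceCache`, which starts above this hunk, should state the contract that the added guard introduces: `session` may be `null`, and the method may return `null` when no cache is available. A line such as `@param session the current session, or {@code null} if the request has none`, plus a sentence on the `@return` tag, would tell subclass authors that the null decision is now theirs. Because this is the CSRF nonce lookup, the doc should also say what a `null` return means for the nonce check. That handling is in the caller, outside this hunk, so it needs confirming against the full method.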