Skip to content

Commit

Permalink
[FIXED JENKINS-37149] Added CSRF protection
Browse files Browse the repository at this point in the history
  • Loading branch information
@sanderv32
sanderv32 committed Aug 3, 2016
1 parent abae766 commit c5bec4c
Showing 1 changed file with 29 additions and 0 deletions.
29 changes: 29 additions & 0 deletions src/main/java/org/jenkinsci/plugins/gogs/GogsWebHookCrumbExclusion.java
View file
@@ -0,0 +1,29 @@
package org.jenkinsci.plugins.gogs;

import hudson.Extension;
import hudson.security.csrf.CrumbExclusion;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Extension
public class GogsWebHookCrumbExclusion extends CrumbExclusion {

@Override
public boolean process(HttpServletRequest req, HttpServletResponse resp, FilterChain chain)
throws IOException, ServletException {
String pathInfo = req.getPathInfo();
if (pathInfo != null && pathInfo.equals(getExclusionPath())) {
chain.doFilter(req, resp);
return true;
}
return false;
}

public String getExclusionPath() {
return "/" + GogsWebHook.URLNAME + "/";
}
}

0 comments on commit c5bec4c

Please sign in to comment.