Add XSRF protection to legacy authentication mechanism

------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=148689952
2026-01-11 00:10:36 +00:00 · 2017-02-27 13:53:10 -08:00
parent a5932c0fc3
commit c7a62e9b98
12 changed files with 227 additions and 56 deletions
--- a/java/google/registry/request/Route.java
+++ b/java/google/registry/request/Route.java
@@ -42,6 +42,7 @@ abstract class Route {
  }

  boolean shouldXsrfProtect(Action.Method requestMethod) {
-    return action().xsrfProtection() && requestMethod != Action.Method.GET;
+    return action().xsrfProtection()
+        && (requestMethod != Action.Method.GET) && (requestMethod != Action.Method.HEAD);
  }
 }