mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2026-04-28 11:57:11 +00:00
Code Issues Releases Wiki Activity

Add XSRF protection to legacy authentication mechanism

Browse Source 
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148689952
This commit is contained in:
mountford
2017-02-27 13:53:10 -08:00
committed by Ben McIlwain
parent a5932c0fc3
commit c7a62e9b98
12 changed files with 227 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/google/registry/request/auth/AppEngineInternalAuthenticationMechanism.java
View File

@@ -17,6 +17,7 @@ package google.registry.request.auth;
import static google.registry.request.auth.AuthLevel.APP;
import static google.registry.request.auth.AuthLevel.NONE;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
/**
@@ -56,6 +57,9 @@ public class AppEngineInternalAuthenticationMechanism implements AuthenticationM
// As defined in the App Engine request header documentation.
private static final String QUEUE_NAME_HEADER = "X-AppEngine-QueueName";
@Inject
public AppEngineInternalAuthenticationMechanism() {}
@Override
public AuthResult authenticate(HttpServletRequest request) {
if (request.getHeader(QUEUE_NAME_HEADER) == null) {