Add XSRF protection to legacy authentication mechanism

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148689952
mountford 2017-02-27 13:53:10 -08:00 committed by Ben McIlwain
parent a5932c0fc3
commit c7a62e9b98
12 changed files with 227 additions and 56 deletions


@ -17,6 +17,7 @@ package google.registry.request.auth;
import static google.registry.request.auth.AuthLevel.APP;
import static google.registry.request.auth.AuthLevel.NONE;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
/**
@ -56,6 +57,9 @@ public class AppEngineInternalAuthenticationMechanism implements AuthenticationM
// As defined in the App Engine request header documentation.
private static final String QUEUE_NAME_HEADER = "X-AppEngine-QueueName";
@Inject
public AppEngineInternalAuthenticationMechanism() {}
@Override
public AuthResult authenticate(HttpServletRequest request) {
if (request.getHeader(QUEUE_NAME_HEADER) == null) {