1 | package edu.ucsb.cs156.rec.controllers; | |
2 | ||
3 | import org.springframework.context.annotation.Profile; | |
4 | import org.springframework.security.web.csrf.CsrfToken; | |
5 | import org.springframework.web.bind.annotation.GetMapping; | |
6 | import org.springframework.web.bind.annotation.RestController; | |
7 | ||
8 | | |
9 | import io.swagger.v3.oas.annotations.Operation; | |
10 | import io.swagger.v3.oas.annotations.tags.Tag; | |
11 | ||
12 | /** | |
13 | * The CSRF controller is used to get a CSRF token. | |
14 | * This is only enabled in the development profile, | |
15 | * and is used to test APIs with Postman or swagger.ui/ | |
16 | * | |
17 | * For more information on CSRF, do a web search on "Cross-Site Request Forgery". | |
18 | */ | |
19 | ||
20 | @Profile("development") | |
21 | @Tag(name = "CSRF (enabled only in development; can be used with Postman to test APIs)") | |
22 | @RestController | |
23 | public class CSRFController { | |
24 | ||
25 | /** | |
26 | * This method returns a CSRF token. | |
27 | * @param token the CSRF token, injected by Spring automatically | |
28 | * @return the CSRF token | |
29 | */ | |
30 | @Operation(summary= "Get a CSRF Token") | |
31 | @GetMapping("/csrf") | |
32 | public CsrfToken csrf(CsrfToken token) { | |
33 |
1
1. csrf : replaced return value with null for edu/ucsb/cs156/rec/controllers/CSRFController::csrf → KILLED |
return token; |
34 | } | |
35 | } | |
Mutations | ||
33 |
1.1 |