| 1 | package edu.ucsb.cs156.frontiers.controllers; | |
| 2 | ||
| 3 | import io.swagger.v3.oas.annotations.Operation; | |
| 4 | import io.swagger.v3.oas.annotations.tags.Tag; | |
| 5 | import org.springframework.context.annotation.Profile; | |
| 6 | import org.springframework.security.web.csrf.CsrfToken; | |
| 7 | import org.springframework.web.bind.annotation.GetMapping; | |
| 8 | import org.springframework.web.bind.annotation.RestController; | |
| 9 | ||
| 10 | /** | |
| 11 | * The CSRF controller is used to get a CSRF token. This is only enabled in the development profile, | |
| 12 | * and is used to test APIs with Postman or swagger.ui/ | |
| 13 | * | |
| 14 | * <p>For more information on CSRF, do a web search on "Cross-Site Request Forgery". | |
| 15 | */ | |
| 16 | @Profile("development") | |
| 17 | @Tag(name = "CSRF (enabled only in development; can be used with Postman to test APIs)") | |
| 18 | @RestController | |
| 19 | public class CSRFController { | |
| 20 | ||
| 21 | /** | |
| 22 | * This method returns a CSRF token. | |
| 23 | * | |
| 24 | * @param token the CSRF token, injected by Spring automatically | |
| 25 | * @return the CSRF token | |
| 26 | */ | |
| 27 | @Operation(summary = "Get a CSRF Token") | |
| 28 | @GetMapping("/csrf") | |
| 29 | public CsrfToken csrf(CsrfToken token) { | |
| 30 |
1
1. csrf : replaced return value with null for edu/ucsb/cs156/frontiers/controllers/CSRFController::csrf → KILLED |
return token; |
| 31 | } | |
| 32 | } | |
Mutations | ||
| 30 |
1.1 |