We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Found this: cve-2023-34035-mitigations And this: Improve CVE-2023-34035 detection
I've tried fixing this, managed to bypass the h2-console error, but still got some other error.
h2-console
This is the code that managed to fix the h2-console error:
@Bean MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) { return new MvcRequestMatcher.Builder(introspector); } @Bean public SecurityFilterChain filterChain(HttpSecurity http,MvcRequestMatcher.Builder mvc) throws Exception { http.csrf(csrfConfigurer -> csrfConfigurer.ignoringRequestMatchers(mvc.pattern("/api/**"), PathRequest.toH2Console())); http.headers(headersConfigurer -> headersConfigurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)); http.authorizeHttpRequests(auth -> auth .requestMatchers(mvc.pattern("/api/**")).permitAll() //This line is optional in .authenticated() case as .anyRequest().authenticated() //would be applied for H2 path anyway .requestMatchers(PathRequest.toH2Console()).authenticated() .anyRequest().authenticated() ); return http.build(); );
If I find a solution I will make a PR.
Hope this helps.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Found this: cve-2023-34035-mitigations
And this: Improve CVE-2023-34035 detection
I've tried fixing this, managed to bypass the
h2-consoleerror, but still got some other error.This is the code that managed to fix the
h2-consoleerror:If I find a solution I will make a PR.
Hope this helps.
The text was updated successfully, but these errors were encountered: