Issue/rest-386 xsrf improvements log only
David Black
Branch: issue/REST-386-xsrf-improvements-log-only
Branch: master
Merged
Merged pull request
Merged in issue/REST-386-xsrf-improvements-log-only (pull request #124)
Merged in issue/REST-386-xsrf-improvements-log-only (pull request #124)
REST-386: Log when a simple request fails origin checks, when a non-post mutative method fails origin checks, when a non-post mutative method fails standard csrf/xsrf checks and prefer the HttpServletRequest method over the ContainerRequest's method because the container request method may be changed by the CorsAcceptOptionsPreflightFilter.
Signed-off-by: David Black dblack@atlassian.com
REST-386: add a test for DELETE with a xsrfable content-type.
Signed-off-by: David Black dblack@atlassian.com