问题
I have a jsf 2.2 web application without using the spring framework.
I searched on google and found out that jsf 2.2 provides out of the box csrf protection and you just have to enable it.
So I did that following this link. Jsf2.2 csrf demo
And added this in my faces.config.xml file
<protected-views>
<url-pattern>/csrf_protected_page.xhtml</url-pattern>
</protected-views>
But how to set up url-pattern for all my .xhtml pages I have tried:
<url-pattern>/*</url-pattern>
<url-pattern>/*.xhtml</url-pattern>
<url-pattern>/faces/*.xhtml</url-pattern>
But none of these work.
来源:https://stackoverflow.com/questions/59728259/how-to-set-up-csrf-protection-in-jsf2-2-web-application