Logout and Login APIs don't work correctly after the recent upgrades

jvega190 commented 1 month ago

Duplicates

[X] I have searched the existing issues

Latest version

[X] The issue is in the develop branch
[ ] The issue is in the latest released 4.1.x
[ ] The issue is in the latest released 4.0.x
[ ] The issue is in the latest released 3.1.x

Describe the issue

Logout API is giving a 403 response. Also, re-logging in after a timeout is giving a 403 response.

Steps to reproduce

Steps:

Login into studio
Open the navigation menu and click on 'logout'
See the issue

Re-logging
1. Login into studio
2. Wait for the session to expire and try to login again
3. See the issue

Relevant log output

No response

Screenshots and/or videos

Screenshot from 2024-05-14 12-26-58

phuongnq commented 1 month ago

This is a spring security issue in v6 where it is expecting the csrf string to be encoded in base64, which is not the case for JavaScript applications: https://github.com/spring-projects/spring-security/issues/12869 The solution is to use a delegate to handle the raw csrf string.

Euquimides commented 1 month ago

Hi! Updated and rechecked this issue. Fix verified. Thank you! Closing this ticket

craftercms / craftercms