What?
The built-in Spring Security CSRF protection should be enabled. This will require updates to pass-ui and the pass-support data client as well.
Why?
PASS is vulnerable to Cross-Site Request Forgery attacks without proper mitigation.
How?
Enable the disabled CSRF protection in pass-core-main. Then fix tests. Then update the data client in pass-support to handle the token. Finally, update pass-ui for the token.
Acceptance Criteria
All tests should pass with CSRF protection enabled.
Related Issues
Blocked by #903
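
An added sketch of the client-side token handling the "How?" steps call for; it is not code from this issue or from pass-ui. It reads the token cookie and echoes it in a header on state-changing requests only.
Assumptions: the server uses Spring Security's `CookieCsrfTokenRepository` with its default names (`XSRF-TOKEN` cookie, `X-XSRF-TOKEN` header) and accepts the raw cookie value in that header; `csrfFetch` is a hypothetical wrapper name.

```javascript
// Assumed names: defaults of Spring Security's CookieCsrfTokenRepository.
const CSRF_COOKIE = 'XSRF-TOKEN';
const CSRF_HEADER = 'X-XSRF-TOKEN';
// Methods that Spring Security's default CSRF matcher does not protect.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'TRACE', 'OPTIONS']);

// Extract the CSRF token from a cookie string such as "a=1; b=2".
// Returns null when the cookie is absent or has been cleared (empty value).
function readCsrfToken(cookieString) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== CSRF_COOKIE) continue;
    const value = part.slice(eq + 1).trim();
    try {
      return decodeURIComponent(value) || null;
    } catch {
      return value || null; // malformed percent-encoding: use the raw value
    }
  }
  return null;
}

// Copy the caller's headers and add the token for state-changing methods.
// Fails closed: an unsafe request without a token is never sent.
function withCsrfHeader(method, headers, cookieString) {
  const out = { ...headers };
  if (SAFE_METHODS.has(method.toUpperCase())) return out;
  const token = readCsrfToken(cookieString);
  if (token === null) {
    throw new Error(`No ${CSRF_COOKIE} cookie; send a GET first so the server can set one`);
  }
  out[CSRF_HEADER] = token;
  return out;
}

// Hypothetical fetch wrapper for a browser client (same-origin cookies only).
async function csrfFetch(url, options = {}, cookieString = globalThis.document?.cookie) {
  const method = options.method || 'GET';
  const headers = withCsrfHeader(method, options.headers || {}, cookieString);
  return fetch(url, { ...options, method, headers, credentials: 'same-origin' });
}
```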