Potential fix for code scanning alert no. 1: Disabled Spring CSRF protection

roryp · github-advanced-security[bot] · web-flow · commit b9da06ff0f8a · 2025-07-31T18:03:36.000+02:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/04-PracticalSamples/petstory/src/main/java/com/example/petstory/SecurityConfig.java b/04-PracticalSamples/petstory/src/main/java/com/example/petstory/SecurityConfig.java
@@ -21,7 +21,6 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
             .authorizeHttpRequests(auth -> auth
                 .anyRequest().permitAll()
             )
-            .csrf(csrf -> csrf.disable()) // Disabled for simplicity in this demo
             .headers(headers -> headers
                 .frameOptions(frameOptions -> frameOptions.deny())
                 .contentTypeOptions(contentTypeOptions -> {})

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,6 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {`
`21`	`21`	`.authorizeHttpRequests(auth -> auth`
`22`	`22`	`.anyRequest().permitAll()`
`23`	`23`	`)`
`24`		`- .csrf(csrf -> csrf.disable()) // Disabled for simplicity in this demo`
`25`	`24`	`.headers(headers -> headers`
`26`	`25`	`.frameOptions(frameOptions -> frameOptions.deny())`
`27`	`26`	`.contentTypeOptions(contentTypeOptions -> {})`