Skip to content

Improve principal checks for SockJS session #36681

@rstoyanchev

Description

@rstoyanchev

In TransportHandlingSockJsSession, when the original principal is null, we don't perform any further checks, but could at least verify the original remote address matches that of the current request.

Metadata

Metadata

Assignees

Labels

in: webIssues in web modules (web, webmvc, webflux, websocket)type: enhancementA general enhancement

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions