Disable suffix pattern matching for Endpoints
Update EndpointHandlerMapping so that setUseSuffixPatternMatch is set to false. This prevents URLs of the form /beans.json from returning results and provides another line of defense against RFD (reflected file download) attacks. Fixes gh-4402
parent
10d407a516
commit
09b5222f52
|
@ -80,6 +80,7 @@ public class EndpointHandlerMapping extends RequestMappingHandlerMapping {
|
||||||
CorsConfiguration corsConfiguration) {
|
CorsConfiguration corsConfiguration) {
|
||||||
this.endpoints = new HashSet<MvcEndpoint>(endpoints);
|
this.endpoints = new HashSet<MvcEndpoint>(endpoints);
|
||||||
this.corsConfiguration = corsConfiguration;
|
this.corsConfiguration = corsConfiguration;
|
||||||
|
setUseSuffixPatternMatch(false);
|
||||||
// By default the static resource handler mapping is LOWEST_PRECEDENCE - 1
|
// By default the static resource handler mapping is LOWEST_PRECEDENCE - 1
|
||||||
// and the RequestMappingHandlerMapping is 0 (we ideally want to be before both)
|
// and the RequestMappingHandlerMapping is 0 (we ideally want to be before both)
|
||||||
setOrder(-100);
|
setOrder(-100);
|
||||||
|
|
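Review bot: The added `setUseSuffixPatternMatch(false);` call in the constructor has no comment, unlike the `setOrder(-100);` call just below it, so the security reason for it is easy to lose in a later refactor; I would put `// Suffix matching off so /beans.json does not map to an endpoint (gh-4402)` above it. The setter is inherited from RequestMappingHandlerMapping and is public, so code that configures this mapping after construction can presumably switch the behaviour back on; if that is not intended, the class Javadoc should say so. No test is visible in this section; a mapping test asserting that a request for an endpoint path with an extension such as `/beans.json` resolves to no handler would pin the behaviour. The constructor starts and ends outside the hunk.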