spring-security/docs/modules/ROOT/pages/migration/servlet/exploits.adoc

= Exploit Protection Migrations

The following steps relate to how to finish migrating exploit protection support.

== CSRF BREACH with WebSocket support

In Spring Security 5.8, the default `ChannelInterceptor` for making the `CsrfToken` available with xref:servlet/integrations/websocket.adoc[WebSocket Security] is `CsrfChannelInterceptor`.
`XorCsrfChannelInterceptor` was added to allow opting into CSRF BREACH support.

In Spring Security 6, `XorCsrfChannelInterceptor` is the default `ChannelInterceptor` for making the `CsrfToken` available.
If you configured the `XorCsrfChannelInterceptor` only for the purpose of updating to 6.0, you can remove it completely.
Add section for migrating WebSocket support Issue gh-12378 2023-01-27 05:34:50 +08:00			`= Exploit Protection Migrations`

			`The following steps relate to how to finish migrating exploit protection support.`

			`== CSRF BREACH with WebSocket support`

			In Spring Security 5.8, the default `ChannelInterceptor` for making the `CsrfToken` available with xref:servlet/integrations/websocket.adoc[WebSocket Security] is `CsrfChannelInterceptor`.
			`XorCsrfChannelInterceptor` was added to allow opting into CSRF BREACH support.

			In Spring Security 6, `XorCsrfChannelInterceptor` is the default `ChannelInterceptor` for making the `CsrfToken` available.
			If you configured the `XorCsrfChannelInterceptor` only for the purpose of updating to 6.0, you can remove it completely.