Commit 8585cf19 authored by Matija Obreza's avatar Matija Obreza

Moved /google/verify-token to /api

- /api/** does not have CSRF
parent a5ffb5f2
......@@ -122,7 +122,7 @@ public class GoogleSocialController extends BaseController {
* @param clientId the client id
* @return the object
*/
@RequestMapping(value = "/google/verify-token", method = RequestMethod.POST)
@RequestMapping(value = "/api/google/verify-token", method = RequestMethod.POST)
@ResponseBody
public Object googleAuth(@RequestParam("tokenId") final String tokenId,
@RequestParam("clientId") final String clientId) throws UserException, IOException, GeneralSecurityException {
......
......@@ -133,6 +133,7 @@ public class OAuth2ServerConfig {
// /api/**
// authorizations
.antMatcher("/api/v0/info/version").anonymous().and()
.antMatcher("/api/google/**").anonymous().and() // Allow anonymous request for google auth
// others must be authenticated
.antMatcher("/api/**").authorizeRequests().anyRequest().authenticated()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment