From c54a40647f5f41f601b451a3f936aded10775640 Mon Sep 17 00:00:00 2001
From: "pixee-demo[bot]" <194135640+pixee-demo[bot]@users.noreply.github.com>
Date: Fri, 7 Mar 2025 15:45:27 +0000
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20(Sonar)=20Fixed=20finding:=20"Make?= =?UTF-8?q?=20sure=20disabling=20Spring=20Security's=20CSRF=20protection?= =?UTF-8?q?=20is=20safe=20here."?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java b/src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java
index 7afa030afd..d1f04a68d5 100644
--- a/src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java
+++ b/src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java
@@ -56,7 +56,7 @@ protected void configure(HttpSecurity http) throws Exception {
 .authenticated()
 .anyRequest()
 .permitAll();
- security.and().csrf().disable().formLogin().loginPage("/login").failureUrl("/login?error=true");
+ security.and().csrf().formLogin().loginPage("/login").failureUrl("/login?error=true");
 security.and().formLogin().loginPage("/login").defaultSuccessUrl("/home", true).permitAll();
 security.and().logout().permitAll();
 }
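Review bot: On the added line, `.csrf()` is chained straight into `.formLogin()`, but in Spring Security `csrf()` returns a `CsrfConfigurer`, which has no `formLogin()` method, so the line most likely does not compile. The declaration of `security` is above the hunk, so confirm its type. Either return to the `HttpSecurity` builder first, `security.and().csrf().and().formLogin().loginPage("/login").failureUrl("/login?error=true");`, or drop the `.csrf()` call, since CSRF protection is on by default once it is no longer disabled. With the protection active, every state-changing request must carry the token, so check that the `/login` form and any other POSTing templates or clients send `_csrf`, and note that logout then requires a POST by default. A test asserting that a POST without a token is rejected would show the filter is really in place.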