From 76384de26f0fc65d1b906da91f80b8a8667aeb0c Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra
Date: Sat, 14 Jan 2017 18:26:11 +0100
Subject: [PATCH] enabled xsrf be default and remove claim prefix to reduce size
---
 scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java | 2 +-
 scm-webapp/src/main/java/sonia/scm/security/Xsrf.java | 2 +-
 .../src/main/webapp/resources/js/security/sonia.security.js | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java b/scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java
index e0916f2460..ac22c1403e 100644
--- a/scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java
+++ b/scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java
@@ -734,5 +734,5 @@ public class ScmConfiguration
 * @since 1.47
 */
 @XmlElement(name = "xsrf-protection")
- private boolean enabledXsrfProtection = false;
+ private boolean enabledXsrfProtection = true;
 }
diff --git a/scm-webapp/src/main/java/sonia/scm/security/Xsrf.java b/scm-webapp/src/main/java/sonia/scm/security/Xsrf.java
index e82dd26150..0241d94b20 100644
--- a/scm-webapp/src/main/java/sonia/scm/security/Xsrf.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/Xsrf.java
@@ -40,7 +40,7 @@ public final class Xsrf { static final String HEADER_KEY = "X-XSRF-Token";
- static final String CLAIMS_KEY = "scm-manager.org/xsrf";
+ static final String CLAIMS_KEY = "xsrf";
 private Xsrf() { }
diff --git a/scm-webapp/src/main/webapp/resources/js/security/sonia.security.js b/scm-webapp/src/main/webapp/resources/js/security/sonia.security.js
index 23f41374a7..ce7fc8efdc 100644
--- a/scm-webapp/src/main/webapp/resources/js/security/sonia.security.js
+++ b/scm-webapp/src/main/webapp/resources/js/security/sonia.security.js
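Review bot: The Javadoc directly above the flipped initializer still ends at `@since 1.47` and says nothing about the default, so a reader of the `enabledXsrfProtection` field cannot tell that XSRF protection is now on unless it is explicitly switched off; add a line such as `* Enabled by default; set {@code xsrf-protection} to {@code false} to disable.` to that comment. The initializer is presumably also the value an installation gets when its persisted configuration has no `xsrf-protection` element at all (confirm how the unmarshaller treats the missing element), which means existing installations that never touched the option will have protection switched on after upgrade and any client that does not send the `X-XSRF-Token` header declared in Xsrf.java will presumably start being rejected. That is the right default, but the upgrade impact belongs in the commit message or release notes rather than being implied by a one-word change. The rest of ScmConfiguration lies outside this hunk.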
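Review bot: `CLAIMS_KEY` is now a bare claim name that the browser code must read with the identical string, yet nothing at the declaration records that coupling, which is exactly how the two sides drift apart; a comment such as `// name of the xsrf claim in the token; must match the key read in sonia.security.js getXsrfToken()` would make the dependency visible. Dropping the `scm-manager.org/` prefix also gives up the collision resistance that namespaced private claim names provide, so the comment should state that no other producer may add a claim named `xsrf` to the same token. Tokens issued before this change still carry the old claim name; if `CLAIMS_KEY` is also used when reading incoming tokens (not visible in this hunk), those tokens will fail the XSRF check until they are reissued, and the commit message should say whether that is intended. The remainder of the `Xsrf` class is outside the hunk.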
@@ -39,7 +39,7 @@ Sonia.security.getXsrfToken = function() {
 tokenClaimsCompressed = tokenClaimsCompressed.replace('-', '+').replace('_', '/');
 if (window.atob) {
 var token = Ext.util.JSON.decode(window.atob(tokenClaimsCompressed));
- return token['scm-manager.org/xsrf'];
+ return token['xsrf'];
 } else if (debug) {
 console.log('ERROR: browser does not support window.atob');
 }
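Review bot: The base64url-to-base64 conversion on the first context line, `replace('-', '+').replace('_', '/')`, uses string patterns and therefore rewrites only the first occurrence of each character; a compressed claim string containing a second `-` or `_` reaches `window.atob` unchanged, which rejects characters outside the base64 alphabet, so the new `return token['xsrf']` line is never reached for such tokens. Change that line to `tokenClaimsCompressed = tokenClaimsCompressed.replace(/-/g, '+').replace(/_/g, '/');`. On the added line itself, `token.xsrf` is the idiomatic form now that the key is a plain identifier, and a short comment that the key must match `CLAIMS_KEY` in Xsrf.java would document the cross-language coupling. `getXsrfToken` ends outside the hunk.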