From 5945c3501d139f70785bc0b64288bcff804e21ad Mon Sep 17 00:00:00 2001
From: Phill Conrad <phtcon@ucsb.edu>
Date: Mon, 20 May 2024 15:50:25 -0700
Subject: [PATCH] pc - DO NOT MERGE disable csrf as test to see if that's the
 issue

---
 src/main/java/edu/ucsb/cs156/example/config/SecurityConfig.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/ucsb/cs156/example/config/SecurityConfig.java b/src/main/java/edu/ucsb/cs156/example/config/SecurityConfig.java
index b0f8acbd..c098ab8d 100644
--- a/src/main/java/edu/ucsb/cs156/example/config/SecurityConfig.java
+++ b/src/main/java/edu/ucsb/cs156/example/config/SecurityConfig.java
@@ -54,7 +54,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
         .exceptionHandling(handling -> handling.authenticationEntryPoint(new Http403ForbiddenEntryPoint()))
         .oauth2Login(oauth2 -> oauth2.userInfoEndpoint(userInfo -> userInfo.userAuthoritiesMapper(this.userAuthoritiesMapper())))
-        .csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
+        .csrf(csrf -> csrf.disable())
         .logout(logout -> logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/"));
     return http.build();
   }