From 997a2f648acfe5acf67a94163cdb44f4712b16ed Mon Sep 17 00:00:00 2001
From: KronosDP <darrel.danadyaksa19@gmail.com>
Date: Wed, 26 Feb 2025 15:21:27 +0700
Subject: [PATCH] [REFACTOR] Update SecurityConfig to clarify CSRF protection
 handling

---
 .../com/safetypin/authentication/security/SecurityConfig.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/com/safetypin/authentication/security/SecurityConfig.java b/src/main/java/com/safetypin/authentication/security/SecurityConfig.java
index c79b353..dae1a16 100644
--- a/src/main/java/com/safetypin/authentication/security/SecurityConfig.java
+++ b/src/main/java/com/safetypin/authentication/security/SecurityConfig.java
@@ -16,7 +16,7 @@ public class SecurityConfig {
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
-                .csrf(AbstractHttpConfigurer::disable)  // Disable CSRF protection (not recommended for production)
+                // CSRF protection is enabled by default, so we don't disable it here
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers("/**").permitAll() // Allow all requests
                 )
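Review bot: Removing `.csrf(AbstractHttpConfigurer::disable)` is a behaviour change, not a refactor: with Spring Security's default CSRF filter active, POST/PUT/PATCH/DELETE requests without a valid CSRF token are rejected with 403, even though the unchanged `.requestMatchers("/**").permitAll()` still allows every request at the authorization step. Nothing in this hunk shows how clients obtain the token, so the register and login endpoints should be covered by a test that sends an unsafe request both with and without a token. The new comment documents code that is absent; stating the consequence is more useful, e.g. `// CSRF stays enabled (Spring Security default): unsafe HTTP methods must carry a valid CSRF token`. The `AbstractHttpConfigurer` import is probably unused now, and the method body continues past the hunk, so the rest of the chain is worth checking as well.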
-- 
GitLab