We should rewrite the Spring Security documentation.
Comment From: spring-projects-issues
Stefan Haberl said:
There's a small documentation error in the latest CSRF section (http://docs.spring.io/spring-security/site/docs/3.2.x-SNAPSHOT/reference/html/csrf.html) concerning Multipart upload (13.5.4):
"The first option is to ensure that the MultipartFilter is specified before the Spring Security filter. Specifying the MultipartFilter after the Spring Security filter means that there is no authorization for invoking the MultipartFilter which means anyone can place temporary files on your server."
should probably read
"The first option is to ensure that the MultipartFilter is specified before the Spring Security filter. Specifying the MultipartFilter before the Spring Security filter means that there is no authorization for invoking the MultipartFilter which means anyone can place temporary files on your server."
Comment From: spring-projects-issues
Rob Winch said:
Thanks birnbuazn. Since this is a bug in the existing documentation and not related to the rewrite, I created SEC-2378 to address it.
Comment From: marcusdacoregio
I'll close this because it seems that the title is misleading and the problem was solved on another issue.