feat: Remove custom CSRF implementation in place of Quarkus impl (!318) · Merge requests · Eclipse Foundation / Software Development / APIs / Eclipse Foundation API SDK

Martin Lowe requested to merge malowe/main/testing-add-cookies into main Apr 07, 2026

feat: Remove custom CSRF implementation in place of Quarkus impl

This change removes all custom CSRF implementations and replaces them with the Quarkus implementation, which is a hardened and secure cookie based implementation. This will use HTTPOnly session cookies to provide safe multi pod access to the CSRF token, and reduce risk associated with tokens and retaining user data for any amount of time.

Resolves #120

Admin message

feat: Remove custom CSRF implementation in place of Quarkus impl

Merge request reports