1
00:00:00,320 --> 00:00:06,060
In the last, we have looked at an error which is thrown whenever we try to submit a contact to

2
00:00:06,060 --> 00:00:13,590
the backend application. We know contact is an open path and there is no security needed to access

3
00:00:13,590 --> 00:00:13,820
that.

4
00:00:14,040 --> 00:00:16,620
And we also implemented the CSRF token.

5
00:00:16,650 --> 00:00:21,480
But still we are getting a 403 forbidden error due to the CSRF issue.

6
00:00:21,540 --> 00:00:29,040
This is because, when we log out, for security reasons inside the logout component we are clearing

7
00:00:29,040 --> 00:00:35,730
all the session storage, like the user details and the access token that we got from the backend application,

8
00:00:35,820 --> 00:00:37,080
which is expected.

9
00:00:37,260 --> 00:00:45,680
And there is also no guarantee that the user will always log in to the application before accessing contact.

10
00:00:46,110 --> 00:00:52,200
So in such scenarios, where the user is directly going to the contact page and posting his message, we

11
00:00:52,200 --> 00:00:57,820
may not have access because we are getting the token only during the login time and storing it

12
00:00:57,820 --> 00:00:59,060
in the session storage.

13
00:00:59,070 --> 00:01:08,340
And there is also no need for handling the CSRF issue for the contact page because it's open to anyone and

14
00:01:08,340 --> 00:01:13,870
anyone can push data to that backend database because that is expected business functionality.

15
00:01:14,040 --> 00:01:21,180
So for such scenarios, where for a few pages CSRF should be ignored and for a few pages

16
00:01:21,510 --> 00:01:23,710
CSRF should be implemented,

17
00:01:23,910 --> 00:01:29,120
we can always leverage the features that Spring Security provides.

18
00:01:29,340 --> 00:01:31,530
Let's try to go to the backend code here.

19
00:01:31,530 --> 00:01:41,840
We have declared that CSRF has to be enabled and that has to be for all the paths using this CSRF token repository.

20
00:01:42,390 --> 00:01:49,050
But if we have a scenario where for a few paths you don't want CSRF to be enforced, we can

21
00:01:49,050 --> 00:01:56,460
always call ignoringAntMatchers and define the path we want to ignore. In this scenario,

22
00:01:56,850 --> 00:02:05,070
we don't want any CSRF to be applied for the contact path. This configuration indicates that CSRF should not

23
00:02:05,070 --> 00:02:12,960
be enforced for the contact page, but for all other pages and requests it has to be enforced, and it uses

24
00:02:12,960 --> 00:02:14,530
the CSRF token repository.

25
00:02:14,820 --> 00:02:16,590
We conflict with this.

26
00:02:16,980 --> 00:02:18,370
We should resolve that error.

27
00:02:18,540 --> 00:02:23,120
Let's try to restart the server and go to the UI, launching the browser.

28
00:02:23,430 --> 00:02:26,030
So now I'm directly going to the contact us page.

29
00:02:26,040 --> 00:02:32,000
So in this scenario, we never had a CSRF token for the UI application and it was never stored inside

30
00:02:32,010 --> 00:02:33,110
the session storage.

31
00:02:33,120 --> 00:02:34,890
I'm trying to fill the data.

32
00:02:35,370 --> 00:02:40,110
It's connected to me is the subject and messages regarding.

33
00:02:40,590 --> 00:02:48,270
Now, as soon as I clicked send message, you can see your messages requestor and there is a reference

34
00:02:48,270 --> 00:02:49,710
ID also generated.

35
00:02:50,130 --> 00:02:57,150
We can also validate by going into the database, now into the database to call the contact message

36
00:02:57,150 --> 00:02:57,750
table.

37
00:02:58,050 --> 00:03:04,170
And this is the message that I have posted, and this is a service that got generated.

38
00:03:04,320 --> 00:03:11,660
So with this, we looked at how to resolve the CSRF issue by disabling it, by having a token repository.

39
00:03:11,820 --> 00:03:18,630
And at the same time, we also saw the mixed approach where for certain paths we don't want CSRF to be

40
00:03:18,630 --> 00:03:19,290
enforced.

41
00:03:19,620 --> 00:03:23,150
And for other paths, CSRF has to be followed.

42
00:03:23,430 --> 00:03:28,350
Let's try to wrap up this section by looking at the summary of the section in the next video. Bye.