diff --git a/src/main/java/com/explosivepomegranate/rest/api/config/SecurityConfig.java b/src/main/java/com/explosivepomegranate/rest/api/config/SecurityConfig.java
index 7bbf810929a8b51e5c692101907ea065bb632d0d..bd40dd29a796cfa2e8b65e5dbefe21c21dd70780 100644
--- a/src/main/java/com/explosivepomegranate/rest/api/config/SecurityConfig.java
+++ b/src/main/java/com/explosivepomegranate/rest/api/config/SecurityConfig.java
@@ -46,14 +46,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 http.
- sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER).and()
+ sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
 .requiresChannel().requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null).requiresSecure()
 .and() // If the X-Forwarded-Proto header is present, redirect to HTTPS (Heroku)
 .csrf().disable()
 //.requireCsrfProtectionMatcher(new CSRFRequestMatcher())
 // .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
 .authorizeRequests()
- .antMatchers("/assets/**", "/", "/register").permitAll()
+ .antMatchers("/assets/**", "/", "/register", "/myNewUser").permitAll()
 .anyRequest().authenticated()
 .and()
 .formLogin()
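Review bot: `.csrf().disable()` stays in place while the session policy moves to `SessionCreationPolicy.ALWAYS`, so every request now gets a session cookie and, together with `formLogin()`, authenticated state-changing requests have no CSRF defence. If browsers are the intended clients (the form login suggests so, but the hunk does not show it), re-enable the protection with the repository already sketched in the commented-out line, e.g. `.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()`. The new `"/myNewUser"` entry is also opened to every HTTP method without authentication; if it only accepts account creation, a separate `.antMatchers(HttpMethod.POST, "/myNewUser").permitAll()` would narrow it, and the handler should validate and rate-limit its input. The body of `configure` continues past the end of the hunk, so later rules were not reviewed.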