I have an application that has CSRF protection provided by Apache modules. My application contains a few pages that allow uploading files; the form looks like this:
<form:form method="post" action="my.controller" enctype="multipart/form-data" id="form">
Everything worked fine until we updated our Apache version from httpd-2.2.3 to httpd-2.2.15.
I've googled for some time and found that the issue can be related to the multipart/form-data parameter in my form. In this case the form is sent as not secured. I've also found that Spring can handle this via MultipartFilter, from the Spring doc: http://docs.spring.io/spring-security/site/docs/3.2.0.CI-SNAPSHOT/reference/html/csrf.html#csrf-multipartfilter
I am new to CSRF. It would be good to know whether it is possible to use Spring CSRF protection with the Apache configuration to handle such cases.
I've also found a workaround where I can disable CSRF for the needed URLs, like
RewriteRule /url/mycontroller.controller - [E=CSRF_IGNORE:yes]
But I am not sure whether it is the correct one.