Update POM file with new version: heroku-tst-6

Author: commjoen

Dockerfile.web

@@ -1,4 +1,4 @@
-FROM jeroenwillemsen/wrongsecrets:heroku-tst-5-no-vault
+FROM jeroenwillemsen/wrongsecrets:heroku-tst-6-no-vault
 
 ARG argBasedVersion="1.3.10"
 ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"

pom.xml

@@ -9,7 +9,7 @@
     </parent>
     <groupId>org.owasp</groupId>
     <artifactId>wrongsecrets</artifactId>
-    <version>heroku-tst-5-SNAPSHOT</version>
+    <version>heroku-tst-6-SNAPSHOT</version>
     <name>OWASP WrongSecrets</name>
     <description>Examples with how to not use secrets</description>
     <url>https://owasp.org/www-project-wrongsecrets/</url>

src/main/java/org/owasp/wrongsecrets/HerokuWebSecurityConfig.java

@@ -7,16 +7,13 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 @Configuration
-@EnableWebSecurity(debug = true)
 @Order(1)
 public class HerokuWebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.requiresChannel()
             .requestMatchers(r -> r.getHeader("x-forwarded-proto") != null || r.getHeader("X-Forwarded-Proto") != null)
-            .requiresSecure()
-            .and()
-            .csrf().disable();
+            .requiresSecure();
     }
 }

src/main/java/org/owasp/wrongsecrets/canaries/TokenCallbackSecurityConfiguration.java

@@ -7,7 +7,6 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 @Configuration
-@EnableWebSecurity(debug = true)
 @Order(0)
 public class TokenCallbackSecurityConfiguration extends WebSecurityConfigurerAdapter {