发表新帖
发表新帖

What is the reason to disable csrf in spring boot web application?

后端 未结
关注
3 549
暖寄归人
暖寄归人 2021-02-05 03:28

There are many tutorials where is shown how to disable csrf, 

csrf().disable()

(and other possibilities like .properties, .y

3条回答
  • 执笔经年
    执笔经年 (楼主)
    2021-02-05 04:17

    Spring recommend to use it when serving browser clients, if not it may be disabled:

    Our recommendation is to use CSRF protection for any request that could be processed by a browser by normal users. If you are only creating a service that is used by non-browser clients, you will likely want to disable CSRF protection.

    I will add that even if you server browsers clients, but it's use internally only you may want/able to remove it.

    0 讨论(0)
 看不清?
提交回复
热议问题