发表新帖
发表新帖

Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'

前端 未结
关注
11 2489
你的背包
你的背包 2020-12-07 15:38

After configuring Spring Security 3.2, _csrf.token is not bound to a request or a session object.

This is the spring security config:

&l
11条回答
  • 暖寄归人
    暖寄归人 (楼主)
    2020-12-07 15:50

    It looks like the CSRF (Cross Site Request Forgery) protection in your Spring application is enabled. Actually it is enabled by default.

    According to spring.io:

    When should you use CSRF protection? Our recommendation is to use CSRF protection for any request that could be processed by a browser by normal users. If you are only creating a service that is used by non-browser clients, you will likely want to disable CSRF protection.

    So to disable it:

    @Configuration
public class RestSecurityConfig extends WebSecurityConfigurerAdapter {
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
  }
}

    If you want though to keep CSRF protection enabled then you have to include in your form the csrftoken. You can do it like this:

    
  ....other fields here....

    You can even include the CSRF token in the form's action:

    0 讨论(0)
 看不清?
提交回复
热议问题