Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'

Question

After configuring Spring Security 3.2, _csrf.token is not bound to a request or a session object.

This is the spring security config:

&l         


        

Answer 1

If you will apply security="none" then no csrf token will be generated. The page will not pass through security filter. Use role ANONYMOUS.

I have not gone in details, but it is working for me.