问题
In the browser I can see CSRF token in URL which I want to avoid.
http://localhost:8080/......./new?someval=val&CSRFToken=1975f761-fb40-4146-ad02-29ba9d5b3cdd
The root cause is we are using FORM tag with http method GET. This is being used as some hidden parameters we want to pass to controller for some processing.
How to avoid CSRF token in URL. Because I dont want to remove form as it is already tested and will be a testing impact.
回答1:
I had the same issue and I changed the submission's method of the form to post
<form action="" method="post">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<!-- other tag -->
</form>
来源:https://stackoverflow.com/questions/45344101/avoid-csrf-token-in-urls