REST请求中缺少CSRF令牌
[英]Missing CSRF token in REST request
问题描述
I'm writing a REST API using Spring MVC. 
我正在使用Spring MVC编写REST API。 I'm trying to access a controller method via a POST request. 我正在尝试通过POST请求访问控制器方法。
I always receive a 403 error: 我总是收到403错误:
Invalid CSRF Token '' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.
How can I deliver a CSRF token within my REST request? 如何在我的REST请求中传递CSRF令牌? I tried to use the default security password which is displayed during application startup as the value for _csrf but it wasn't successful. 我尝试使用在应用程序启动期间显示的default security password作为_csrf的值, _csrf成功。
How can I retrieve the CSRF token and is it correct to send the token in the _csrf parameter? 如何获取CSRF令牌,并且在_csrf参数中发送令牌是否正确?
1 个解决方案
解决方案1
1 已采纳 2014-07-07 18:38:51
You will need to provide the correct header and CSRF token when making the request eg 发出请求时,您将需要提供正确的标头和CSRF令牌,例如
request.setRequestHeader('${_csrf.headerName}', '${_csrf.token}');
You can also send the token as a request parameter using _csrf.parameterName . 您还可以使用_csrf.parameterName将令牌作为请求参数_csrf.parameterName 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.