[英]Cannot disable csrf Spring boot
I'm developing an android app and I'm using Spring as a REST backend. 我正在开发一个Android应用程序,我使用Spring作为REST后端。
Every time I try to make post request to the server I get a 403 response with this message "Expected CSRF token not found. Has your session expired?". 每当我尝试向服务器发出post请求时,我都会收到403响应,并显示“未找到预期的CSRF令牌。您的会话是否已过期?”。
I tried to disable csrf in the application.properties and with my own WebSecurityConfigurerAdapter
implementation but to no avail. 我试图在application.properties和我自己的
WebSecurityConfigurerAdapter
实现中禁用csrf,但无济于事。
Did I miss something ? 我错过了什么 ?
Try this : 尝试这个 :
.invalidateHttpSession(true)
.and()
.exceptionHandling()
.authenticationEntryPoint(new Http403ForbiddenEntryPoint())
.and()
.csrf()//Disabled CSRF protection
.disable();
Add this on your logoutSuccessHandler(...)
在你的
logoutSuccessHandler(...)
上添加这个
There are different ways to disable CSRF in Spring boot , by default in spring boot is enable 在Spring引导中有不同的方法可以禁用CSRF,默认情况下在spring boot中启用
1. By Java Configuration 1.通过Java配置
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
}
2. By Application.yml 2.通过Application.yml
security.enable-csrf: false
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.