Spring 安全自动 CSRF 令牌创建不适用于 Firefox
[英]Spring Security auto CSRF token creation is not working on Firefox
问题描述
When I upload a file through my app that uses Spring framework and spring security, it sends a CSRF token in the request through Spring to prevent CSRF.
当我通过使用 Spring 框架和 spring 安全性的应用程序上传文件时,它会通过 Spring 在请求中发送 CSRF 令牌以防止 CSRF。 This token does not seem to be generated as it's left out of the request URL in Firefox.此令牌似乎没有生成,因为它在 Firefox 中的请求 URL 中被遗漏了。 Again, this is happening in Firefox only.同样,这仅在 Firefox 中发生。 Does anyone have any experience with this and/or have any insight as to why this is happening?有没有人对此有任何经验和/或对为什么会发生这种情况有任何见解? I've tried accepting cookies from this website in the browser and doing a few hacks in my code to allow it, but none of it seems to work.我尝试在浏览器中从该网站接受 cookies 并在我的代码中进行一些黑客攻击以允许它,但似乎都不起作用。 Thank you.谢谢你。
1 个解决方案
解决方案1
0 已采纳 2020-05-19 15:33:28
In case anyone is wondering, it turns out that my async call to retrieve a new CSRF token wasn't firing on time and the form would post without it, hence causing this error message from Spring.万一有人想知道,事实证明我检索新 CSRF 令牌的异步调用没有按时触发,并且表单会在没有它的情况下发布,因此导致来自 Spring 的此错误消息。 Check if you're posting the form prematurely if you're getting this error.如果您收到此错误,请检查您是否过早发布表单。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.