How can I make Spring Security accept CSRF tokens that are sent via JSON? It's currently working via multipart/form-data but not application/json
I believe the issue lies in the Spring Security module not being set up by default to parse JSON input. The issue is I have no clue where to look, as I've been duckduckgo-ing this problem on and off for the last couple of weeks to no avail. This is specifically for the logout button. It requires a form submission to log out, and the form submission requires the CSRF token. The form will submit and log out successfully if the enctype is multipart/form-data but fails on any other type. The request is being sent via fetch. The return status code is 403 Forbidden, as it would be if there was a CSRF issue.

Any help would be much appreciated.

Thanks, Joseph

I have tried to use https://ckinan.com/blog/spring-security-credentials-from-json-request/ but it wasn't what I needed. It let me change the credentials into JSON, but I don't believe it's what I need unless I'm thinking of this wrong and there is a way I can use it.

The answer was to add the CSRF token to the header instead of the body, with the name X-CSRF-TOKEN.
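
The fix from the answer, as an added example that is not part of the original post: Spring Security's CSRF filter looks for the token in a request header or a form parameter, so a token placed inside a JSON body is never seen. The meta tag names `_csrf` and `_csrf_header`, the `/logout` URL and the function names are assumptions.

```javascript
// Added example. Assumptions (not from the original post): the server-rendered
// page exposes the token in <meta name="_csrf"> and optionally the header name
// in <meta name="_csrf_header">; "/logout" is the logout URL.
const DEFAULT_CSRF_HEADER = "X-CSRF-TOKEN"; // header name given in the answer

// Read the token (and header name, if published) from the document.
function readCsrf(doc) {
  const meta = (name) => {
    const el = doc.querySelector(`meta[name="${name}"]`);
    return el ? el.getAttribute("content") : null;
  };
  const token = meta("_csrf");
  if (!token) throw new Error("CSRF token meta tag not found");
  return { header: meta("_csrf_header") || DEFAULT_CSRF_HEADER, token };
}

// Build fetch options for a JSON request that carries the token as a header.
// Refuses cross-origin URLs so the token is never sent to another site.
function csrfFetchOptions(doc, url, pageOrigin, payload) {
  if (new URL(url, pageOrigin).origin !== pageOrigin) {
    throw new Error("refusing to attach CSRF token to a cross-origin request");
  }
  const { header, token } = readCsrf(doc);
  return {
    method: "POST",
    credentials: "same-origin", // session cookie goes along, same origin only
    headers: { "Content-Type": "application/json", [header]: token },
    body: JSON.stringify(payload ?? {}),
  };
}

// Browser usage: logout(document, fetch.bind(window), location.origin)
async function logout(doc, fetchImpl, pageOrigin, url = "/logout") {
  const res = await fetchImpl(url, csrfFetchOptions(doc, url, pageOrigin, {}));
  if (res.status === 403) {
    throw new Error("403 Forbidden: CSRF token missing, stale or rejected");
  }
  return res;
}
```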