AJAX request return 403 (Forbidden) error
Question
Ajax request to localhost return 403 error. However, when I change the controller requestMethod to GET and open the request "url" on the browser, it displays the json data returned from server.I wish to use the data to populate a dropdown list. Please, help. I'm using spring security 4.0 with spring MVC frame work. CSRF is not disable. Also, the url is secured in spring.
I have checked related questions here but didn't see a solution that helps me.
2 answers
solution1
5 ACCPTED 2016-01-12 04:46:48
You are receiving a 403 because of one of these reasons:
- Your controller is not accepting POST call
- You are not submitting a CSRF with your ajax post call
- You are making an incorrect call from your ajax
For each of the above:
- Ensure your controller accepts POST call
- Ensure your ajax POST calls are also submitting CSRF
- Ensure you use the correct type of call depending on the requirements (data retrieval should be GET, creation should be POST, modification should be PUT and removal should be DELETE, check out the restful guidelines for best practice enter link description here
The answer you provided doesn't help you understand what your problem is thus you will face more of these types of issues down the track which will be difficult to troubleshoot.
solution2
0 2016-01-12 04:05:36
I found a way out: I changed the request methods of both AJAX call and its controller from POST to GET and obtain 200 - OK status for request. Also, when I open the AJAX request "URL" on the browser on which I'm logged in on my web app, it displays JSON data. However, when I open on a browser on which I'm not logged in, Spring security requests my login - Perfect I guess!.
Please is this action OK from a security standpoint?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.