I am trying to hit an endpoint from Postman, but I am getting:

    {
    "status":403,"message":"Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'.",
    "errorCode":2,"timestamp":1577971981970
    }

There is a class which extends WebSecurityConfigurerAdapter, where I tried to configure and allow this endpoint:

    .and()
    .authorizeRequests()
    .antMatchers("api/reset-password/**")
    .anyRequest().authenticated()

I still get the same result. I even tried to completely disable CSRF in application.properties with security.enable-csrf=false, but the result is the same. I also tried to hit other endpoints which were configured before I added my new endpoint, and they behave the same way.
From Spring.io https://docs.spring.io/spring-security/site/docs/3.2.0.CI-SNAPSHOT/reference/html/csrf.html
When should you use CSRF protection? Our recommendation is to use CSRF protection for any request that could be processed by a browser by normal users. If you are only creating a service that is used by non-browser clients, you will likely want to disable CSRF protection.
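To disable it:

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class RestSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Turns off CSRF token checks for every endpoint in the application
            http.csrf().disable();
        }
    }
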
If you want to add it to a form action, do this:

    <form action="./upload?${_csrf.parameterName}=${_csrf.token}" method="post" enctype="multipart/form-data">
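
Added example, not part of the original answer or of Spring's documentation: a narrower alternative to `csrf().disable()` that exempts only the endpoint from the question and keeps token checks everywhere else. The class name is hypothetical, the use of `CookieCsrfTokenRepository` is an assumption based on the `X-XSRF-TOKEN` header named in the 403 message, and the API shown is the Spring Security 5.x `WebSecurityConfigurerAdapter` style used on this page.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Hypothetical class name; added example, not the asker's or answerer's code.
@Configuration
public class ScopedCsrfSecurityConfig extends WebSecurityConfigurerAdapter {

    // Path taken from the question. Ant patterns are matched against the
    // request path, which starts with "/", so the pattern needs it too.
    private static final String RESET_PATH = "/api/reset-password/**";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                // Assumption: the token is issued in the XSRF-TOKEN cookie and
                // expected back in the X-XSRF-TOKEN header (this repository's defaults).
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                // Skip the CSRF check for this path only; all other
                // state-changing requests are still validated.
                .ignoringAntMatchers(RESET_PATH)
            .and()
            .authorizeRequests()
                // Assumption: the reset endpoint must be reachable without login.
                .antMatchers(RESET_PATH).permitAll()
                // Every other request still requires an authenticated user.
                .anyRequest().authenticated();
        // The authentication mechanism (form login, HTTP Basic, ...) is left
        // to the application's existing configuration.
    }
}
```

With this configuration, a non-browser client such as Postman can call the exempted path without a token, while requests to other protected endpoints still have to send the `XSRF-TOKEN` cookie value back in the `X-XSRF-TOKEN` header.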