stackoom
  简体   繁体   中英

Conditional CSRF protection in Spring security

 原文  2021-11-12 09:20:26       java/ spring-boot/ rest/ spring-security

Question

We are developing a web API using Spring Boot that should support a React client alongside mobile apps. For the web side of things we use session management with cookies for authorization and have CSRF enabled, the mobile application will be sending authorization info using bearer tokens. Now let's say we have an endpoint for modifying user data that will be used both by the React client and the mobile app,is there a way to disable CSRF checks when the mobile application is trying to access it, since the mobile application shouldn't really be vulnerable to CSRF attacks?

1 answers

solution1
 0 ACCPTED  2021-11-12 09:34:40

Is there a way to disable CSRF checks when the mobile application is trying to access it

Yes, you can have the mobile version use a different URL. And then you can configure the HttpSecurity bean like this.

     http
         .csrf()
             .ignoringAntMatchers("/my-csrf-disabled-uri-for-mobile/**")
             .and()

Does this solve your problem ? Tell me in the comments.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Installing Spring Security to enable CSRF protection in Spring MVC Logging in/out of Spring application using Spring Security and CSRF protection Spring security: activating csrf protection breaks other functionality Spring CSRF protection for login only CSRF Protection with Spring MVC and Thymeleaf Spring Security and CSRF attack CSRF and Spring Security Spring OAuth2 client, CSRF protection spring security csrf disable issue CSRF Prevention with Spring Security and AngularJS
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM