ch4mpy / spring-addons

Ease spring OAuth2 resource-servers configuration and testing
Apache License 2.0

CSRF cookie_accessible_from_js produce 403 Forbidden on PUT requests #138

Closed Cybelius closed 1 year ago

Cybelius commented 1 year ago

Describe the bug

I am following the bff tutorial and the logout endpoint seems to have an issue when using a PUT method. The request is ended with a 403 FORBIDDEN code and the response is: An expected CSRF token cannot be found.

This leads to NOT triggering the logout process for Cognito or Auth0 providers.

To make it work we need to disable CSRF, but I guess this is not the goal.

Expected behavior

According to your tutorial and source code, is making PUT and POST requests working with cookie_accessible_from_js csrf option really possible?

ch4mpy commented 1 year ago

@Cybelius I'm sorry you jumped in right at the moment that bug was there.

Thank you for figuring out it was just fixed and closing your issue.