habuma / spring-in-action-5-samples

Home for example code from Spring in Action 5.
Apache License 2.0

Chapter 4: Access denial for creation of new Tacos #75

Open wellar opened 4 years ago

wellar commented 4 years ago

At first I successfully create a user and log the user in. But when I create a new Taco with the design page and submit the creation I get a Forbidden-Access error (status=403). I saw in GitHub that at the design.html file the author added `th:action="@{/design}"` in the form tag. This addition in fact solved the problem. According to the description in chapter 2.2 the action attribute is not necessary because the POST request will automatically be sent to the same path as the corresponding GET request. So I don't understand why now the attribute is necessary.

l-with commented 4 years ago

Because of Spring Security's built-in CSRF protection (see section 4.3.4 in the book).

Halverson-Jason commented 3 years ago

This is due to CSRF protection. Per the book, you need to include the Thymeleaf prefix on a part of the form submission; for example, in the design.html form you can change it to the following: `<form th:method="POST" th:object="${design}" th:action="@{/design}" id="tacoForm">`

sandeep-sparrow commented 1 year ago

Yes, CSRF was enabled by default, so the above changes helped.
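The thread above can be pinned down with a MockMvc test rather than by clicking through the design page. The following is an added example, not code from the book or from this repository. It assumes a Spring Boot 2.2+ / JUnit 5 setup with `spring-security-test` on the test classpath, the chapter 4 application context (a `/design` endpoint that requires an authenticated user, redirects on success, and takes the book's `name` and `ingredients` form fields with ingredient ids such as `FLTO` and `GRBF`), and a hypothetical test class name `DesignFormCsrfTest`. The first test checks what the `th:action` addition actually does: once the form is processed through `th:action`, Thymeleaf's Spring integration hands the URL to Spring Security's `CsrfRequestDataValueProcessor`, which appends a hidden `_csrf` input to the rendered form. The other two tests reproduce the 403 the reporter saw and show the same POST succeeding once the token is present.

```java
package tacos.web;

import static org.hamcrest.Matchers.containsString;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

// Hypothetical test class (not part of the book's samples) that documents
// why the design form needs th:action under Spring Security's CSRF filter.
@SpringBootTest
@AutoConfigureMockMvc
public class DesignFormCsrfTest {

  @Autowired
  private MockMvc mockMvc;

  // With th:action on the <form>, Thymeleaf's Spring integration lets
  // CsrfRequestDataValueProcessor add a hidden _csrf field to the page.
  // Without th:action the field is never emitted, and the browser's POST
  // carries no token.
  @Test
  public void designFormCarriesCsrfToken() throws Exception {
    mockMvc.perform(get("/design").with(user("testuser")))
        .andExpect(status().isOk())
        .andExpect(content().string(containsString("name=\"_csrf\"")));
  }

  // The reporter's symptom: an authenticated POST that omits the token is
  // rejected by the CSRF filter before the controller runs.
  // Constructed form values; "FLTO" and "GRBF" are the book's ingredient ids.
  @Test
  public void postWithoutTokenIsForbidden() throws Exception {
    mockMvc.perform(post("/design")
            .with(user("testuser"))
            .param("name", "Test Taco")
            .param("ingredients", "FLTO", "GRBF"))
        .andExpect(status().isForbidden());
  }

  // The same POST with a valid token passes the filter; the chapter's
  // controller then redirects (to /orders/current in the book).
  @Test
  public void postWithTokenIsAccepted() throws Exception {
    mockMvc.perform(post("/design")
            .with(user("testuser"))
            .with(csrf())
            .param("name", "Test Taco")
            .param("ingredients", "FLTO", "GRBF"))
        .andExpect(status().is3xxRedirection());
  }
}
```

Run it with `./mvnw test` (or `./gradlew test`) from the chapter's project directory. The `csrf()` post-processor injects a token the way the hidden `_csrf` input would on a real submission, so the pair of POST tests isolates the CSRF filter as the cause of the 403 rather than the controller or its validation.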