kakawait / cas-security-spring-boot-starter

Spring boot starter for Apereo CAS client fully integrated with Spring security
MIT License
153 stars, 45 forks

Enabling CSRF #99

Open ankit-test-repo opened 6 years ago

ankit-test-repo commented 6 years ago

Hi, I am having difficulties enabling CSRF.

I have added security.enable-csrf=true in the properties file. However, I think line 191 in CasHttpSecurityConfigurer.java still gets triggered.

Is there a different property that needs to be set?

kakawait commented 6 years ago

By default the application is CSRF protected. How do you confirm that CSRF is not enabled for you? Because the last time I tried, I got CSRF by default.

ankit-test-repo commented 6 years ago

Yeah... I thought so too. But when debugging a controller method I can't seem to find the CSRF token. Neither does it appear in the header when debugging in the browser.

Below is the code I am using in my controller. I tried with other token names but none worked.

WebUtils.getCookie(request, "XSRF-TOKEN").getValue();

Any idea?

kakawait commented 6 years ago

@ankitwashere By default Spring Security will not include your CSRF token on the client side; you must include it or use CookieCsrfTokenRepository, as described in the doc: https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html#csrf-include-csrf-token
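The two points in the reply above, exposing the token to the client with CookieCsrfTokenRepository and reading it server-side, as an added example. This is not code from the starter or from either participant: it assumes a plain Spring Security 5.x / Spring Boot 2.x application using WebSecurityConfigurerAdapter, does not use the starter's own configuration hooks, and the package name, class names and the /csrf endpoint are hypothetical.

```java
// Added example (not the cas-security-spring-boot-starter code).
// Assumes Spring Security 5.x on Spring Boot 2.x; package and class names are hypothetical.
package com.example.csrfdemo;

import javax.servlet.http.HttpServletRequest;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
public class CsrfConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection is on by default, but the default
            // HttpSessionCsrfTokenRepository keeps the token server-side only:
            // nothing reaches the browser unless a view renders the "_csrf"
            // attribute into a form or meta tag. No cookie named XSRF-TOKEN is
            // ever written in that setup, so WebUtils.getCookie(...) returns null.
            //
            // CookieCsrfTokenRepository writes the token to an XSRF-TOKEN cookie.
            // withHttpOnlyFalse() lets page JavaScript read it and echo it back
            // in the X-XSRF-TOKEN header on state-changing requests.
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}

@RestController
class CsrfTokenController {

    // Hypothetical endpoint that shows how the token is available to a controller.
    @GetMapping("/csrf")
    public String currentToken(HttpServletRequest request) {
        // CsrfFilter stores the current token as a request attribute under the
        // CsrfToken class name (and under "_csrf"). This works with either
        // repository and on the very first request, whereas the XSRF-TOKEN
        // cookie is only present on requests made after the browser stored it.
        CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
        if (token == null) {
            return "no CSRF token on this request (is CSRF disabled for this path?)";
        }
        // getHeaderName() is X-XSRF-TOKEN by default for the cookie repository;
        // getParameterName() is _csrf for form posts.
        return token.getHeaderName() + ": " + token.getToken();
    }
}
```

With the cookie repository in place, the first GET response carries a Set-Cookie: XSRF-TOKEN=... header; a client that does not read the cookie and send X-XSRF-TOKEN (or the _csrf form field) on POST/PUT/DELETE still gets a 403 from CsrfFilter. Leave the cookie HttpOnly (CookieCsrfTokenRepository() rather than withHttpOnlyFalse()) when the token is rendered into server-side templates instead of read by JavaScript.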