leangen / graphql-spqr-spring-boot-starter

Spring Boot 2 starter powered by GraphQL SPQR
Apache License 2.0

CSRF not working? #64

Open sdwske opened 4 years ago

sdwske commented 4 years ago

graphql-spqr-spring-boot-starter:0.0.4
spring-boot-starter-web:2.2.1
spring-boot-starter-security:2.2.1

Doing basically nothing but adding starter-security lands us with a 405 on any /graphql request. After investigating the issue, HttpSecurity#csrf().disable() fixes the problem and querying works, but we lose CSRF capability.

I read #4, it was closed, but the issue persists? Will it be fixed by default in this project?

tommy4st commented 4 years ago

The following snippet should let you use CSRF with most SPAs. It's not specific to this project but to SPAs and Spring in general. And it's nothing which can be fixed within this project, but in your own WebSecurityConfiguration.

http
  // ...
  .csrf()
    .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
    //.and()
  // ...
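
The client half of the cookie-based setup in the comment above, as an added example that is not part of the thread or the project's code: `withHttpOnlyFalse()` makes the token cookie readable by script so the SPA can echo it back in a request header. It assumes the default names used by `CookieCsrfTokenRepository` (cookie `XSRF-TOKEN`, header `X-XSRF-TOKEN`) and a same-origin `/graphql` endpoint; the function names are hypothetical.

```javascript
// Assumed defaults of Spring Security's CookieCsrfTokenRepository.
const CSRF_COOKIE = "XSRF-TOKEN";
const CSRF_HEADER = "X-XSRF-TOKEN";

// Extract the CSRF token from a document.cookie-style string.
// Returns null when the cookie is missing, empty (Spring clears it that way)
// or not valid percent-encoding.
function readCsrfToken(cookieString) {
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    // Exact name match, so "MY-XSRF-TOKEN" is never mistaken for the real cookie.
    if (part.slice(0, eq).trim() !== CSRF_COOKIE) continue;
    try {
      return decodeURIComponent(part.slice(eq + 1).trim()) || null;
    } catch (e) {
      return null;
    }
  }
  return null;
}

// Build fetch() options for a GraphQL POST that carries the token in the
// header Spring compares against the cookie value.
function buildGraphqlRequest(query, variables, cookieString) {
  const headers = { "Content-Type": "application/json" };
  const token = readCsrfToken(cookieString);
  if (token !== null) headers[CSRF_HEADER] = token;
  return {
    method: "POST",
    credentials: "same-origin", // send the session and XSRF-TOKEN cookies
    headers,
    body: JSON.stringify({ query, variables: variables || {} }),
  };
}

// Browser-side wrapper (hypothetical helper): reads document.cookie at call
// time so a token rotated by the server is picked up on the next request.
async function graphql(query, variables) {
  const res = await fetch("/graphql", buildGraphqlRequest(query, variables, document.cookie));
  if (!res.ok) throw new Error(`GraphQL request failed: HTTP ${res.status}`);
  return res.json();
}
```

The header is only accepted because a page on another origin cannot read the cookie value, so keep the token out of URLs and logs.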